Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2022-27451

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-14 Apr, 2022 | 12:57
Updated At-03 Aug, 2024 | 05:25
Rejected At-
Credits

MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/field_conv.cc.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:14 Apr, 2022 | 12:57
Updated At:03 Aug, 2024 | 05:25
Rejected At:
â–¼CVE Numbering Authority (CNA)

MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/field_conv.cc.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://jira.mariadb.org/browse/MDEV-28094
x_refsource_MISC
https://security.netapp.com/advisory/ntap-20220526-0006/
x_refsource_CONFIRM
Hyperlink: https://jira.mariadb.org/browse/MDEV-28094
Resource:
x_refsource_MISC
Hyperlink: https://security.netapp.com/advisory/ntap-20220526-0006/
Resource:
x_refsource_CONFIRM
â–¼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://jira.mariadb.org/browse/MDEV-28094
x_refsource_MISC
x_transferred
https://security.netapp.com/advisory/ntap-20220526-0006/
x_refsource_CONFIRM
x_transferred
Hyperlink: https://jira.mariadb.org/browse/MDEV-28094
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://security.netapp.com/advisory/ntap-20220526-0006/
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:14 Apr, 2022 | 13:15
Updated At:30 Jun, 2022 | 12:52

MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/field_conv.cc.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
Type: Primary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P
CPE Matches
MariaDB Foundation
mariadb
>>mariadb>>Versions from 10.4.0(inclusive) to 10.4.25(exclusive)
cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*
MariaDB Foundation
mariadb
>>mariadb>>Versions from 10.5.0(inclusive) to 10.5.16(exclusive)
cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*
MariaDB Foundation
mariadb
>>mariadb>>Versions from 10.6.0(inclusive) to 10.6.8(exclusive)
cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*
MariaDB Foundation
mariadb
>>mariadb>>Versions from 10.7.0(inclusive) to 10.7.4(exclusive)
cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-noinfoPrimarynvd@nist.gov
CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://jira.mariadb.org/browse/MDEV-28094cve@mitre.org
Exploit
Issue Tracking
Patch
Third Party Advisory
https://security.netapp.com/advisory/ntap-20220526-0006/cve@mitre.org
Third Party Advisory
Hyperlink: https://jira.mariadb.org/browse/MDEV-28094
Source: cve@mitre.org
Resource:
Exploit
Issue Tracking
Patch
Third Party Advisory
Hyperlink: https://security.netapp.com/advisory/ntap-20220526-0006/
Source: cve@mitre.org
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

42Records found
CVE-2022-32087
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.95% / 76.64%
||
7 Day CHG~0.00%
Published-01 Jul, 2022 | 19:10
Updated-03 Aug, 2024 | 07:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Item_args::walk_args.

Action-Not Available
Vendor-n/aMariaDB FoundationDebian GNU/Linux
Product-debian_linuxmariadbn/a
CVE-2022-32088
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.27% / 50.63%
||
7 Day CHG~0.00%
Published-01 Jul, 2022 | 19:10
Updated-03 Aug, 2024 | 07:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Exec_time_tracker::get_loops/Filesort_tracker::report_use/filesort.

Action-Not Available
Vendor-n/aMariaDB FoundationDebian GNU/Linux
Product-debian_linuxmariadbn/a
CVE-2022-32081
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.13% / 32.78%
||
7 Day CHG~0.00%
Published-01 Jul, 2022 | 00:00
Updated-03 Aug, 2024 | 07:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

MariaDB v10.4 to v10.7 was discovered to contain an use-after-poison in prepare_inplace_add_virtual at /storage/innobase/handler/handler0alter.cc.

Action-Not Available
Vendor-n/aMariaDB FoundationFedora Project
Product-mariadbfedoran/a
CWE ID-CWE-416
Use After Free
CVE-2022-32091
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.21% / 42.46%
||
7 Day CHG-0.11%
Published-01 Jul, 2022 | 00:00
Updated-03 Aug, 2024 | 07:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

MariaDB v10.7 was discovered to contain an use-after-poison in in __interceptor_memset at /libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc.

Action-Not Available
Vendor-n/aMariaDB FoundationDebian GNU/LinuxFedora Project
Product-debian_linuxfedoramariadbn/a
CWE ID-CWE-416
Use After Free
CVE-2022-32083
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.25% / 48.09%
||
7 Day CHG~0.00%
Published-01 Jul, 2022 | 19:10
Updated-03 Aug, 2024 | 07:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

MariaDB v10.2 to v10.6.1 was discovered to contain a segmentation fault via the component Item_subselect::init_expr_cache_tracker.

Action-Not Available
Vendor-n/aMariaDB FoundationDebian GNU/Linux
Product-debian_linuxmariadbn/a
CVE-2022-32089
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.13% / 32.78%
||
7 Day CHG~0.00%
Published-01 Jul, 2022 | 00:00
Updated-03 Aug, 2024 | 07:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

MariaDB v10.5 to v10.7 was discovered to contain a segmentation fault via the component st_select_lex_unit::exclude_level.

Action-Not Available
Vendor-n/aMariaDB FoundationFedora Project
Product-mariadbfedoran/a
CVE-2022-32085
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.21% / 43.02%
||
7 Day CHG~0.00%
Published-01 Jul, 2022 | 19:10
Updated-03 Aug, 2024 | 07:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Item_func_in::cleanup/Item::cleanup_processor.

Action-Not Available
Vendor-n/aMariaDB FoundationDebian GNU/Linux
Product-debian_linuxmariadbn/a
CVE-2022-32084
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.21% / 42.46%
||
7 Day CHG-0.11%
Published-01 Jul, 2022 | 00:00
Updated-03 Aug, 2024 | 07:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component sub_select.

Action-Not Available
Vendor-n/aMariaDB FoundationDebian GNU/LinuxFedora Project
Product-debian_linuxfedoramariadbn/a
CVE-2022-32086
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.11% / 29.49%
||
7 Day CHG~0.00%
Published-01 Jul, 2022 | 19:10
Updated-03 Aug, 2024 | 07:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

MariaDB v10.4 to v10.8 was discovered to contain a segmentation fault via the component Item_field::fix_outer_field.

Action-Not Available
Vendor-n/aMariaDB Foundation
Product-mariadbn/a
CVE-2022-32082
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.18% / 38.59%
||
7 Day CHG~0.00%
Published-01 Jul, 2022 | 00:00
Updated-03 Aug, 2024 | 07:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

MariaDB v10.5 to v10.7 was discovered to contain an assertion failure at table->get_ref_count() == 0 in dict0dict.cc.

Action-Not Available
Vendor-n/aMariaDB FoundationFedora Project
Product-mariadbfedoran/a
CWE ID-CWE-617
Reachable Assertion
CVE-2022-27457
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.13% / 32.42%
||
7 Day CHG~0.00%
Published-14 Apr, 2022 | 12:57
Updated-03 Aug, 2024 | 05:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_mb_wc_latin1 at /strings/ctype-latin1.c.

Action-Not Available
Vendor-n/aMariaDB Foundation
Product-mariadbn/a
CWE ID-CWE-416
Use After Free
CVE-2022-27448
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.17% / 38.11%
||
7 Day CHG~0.00%
Published-14 Apr, 2022 | 12:56
Updated-03 Aug, 2024 | 05:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is an Assertion failure in MariaDB Server v10.9 and below via 'node->pcur->rel_pos == BTR_PCUR_ON' at /row/row0mysql.cc.

Action-Not Available
Vendor-n/aMariaDB FoundationDebian GNU/Linux
Product-debian_linuxmariadbn/a
CWE ID-CWE-617
Reachable Assertion
CVE-2022-27381
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.22% / 44.18%
||
7 Day CHG~0.00%
Published-12 Apr, 2022 | 19:14
Updated-03 Aug, 2024 | 05:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in the component Field::set_default of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.

Action-Not Available
Vendor-n/aMariaDB FoundationDebian GNU/Linux
Product-debian_linuxmariadbn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-27387
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.25% / 47.83%
||
7 Day CHG~0.00%
Published-12 Apr, 2022 | 19:14
Updated-03 Aug, 2024 | 05:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

MariaDB Server v10.7 and below was discovered to contain a global buffer overflow in the component decimal_bin_size, which is exploited via specially crafted SQL statements.

Action-Not Available
Vendor-n/aMariaDB FoundationDebian GNU/Linux
Product-debian_linuxmariadbn/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2022-27445
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.31% / 54.40%
||
7 Day CHG~0.00%
Published-14 Apr, 2022 | 12:56
Updated-03 Aug, 2024 | 05:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/sql_window.cc.

Action-Not Available
Vendor-n/aMariaDB FoundationDebian GNU/Linux
Product-debian_linuxmariadbn/a
CVE-2022-27384
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.22% / 44.18%
||
7 Day CHG~0.00%
Published-12 Apr, 2022 | 19:14
Updated-03 Aug, 2024 | 05:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.

Action-Not Available
Vendor-n/aMariaDB FoundationDebian GNU/Linux
Product-debian_linuxmariadbn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-27378
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.22% / 44.18%
||
7 Day CHG~0.00%
Published-12 Apr, 2022 | 19:14
Updated-03 Aug, 2024 | 05:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in the component Create_tmp_table::finalize of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.

Action-Not Available
Vendor-n/aMariaDB FoundationDebian GNU/Linux
Product-debian_linuxmariadbn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-27377
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.32% / 55.47%
||
7 Day CHG~0.00%
Published-12 Apr, 2022 | 19:14
Updated-03 Aug, 2024 | 05:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Item_func_in::cleanup(), which is exploited via specially crafted SQL statements.

Action-Not Available
Vendor-n/aMariaDB FoundationDebian GNU/Linux
Product-debian_linuxmariadbn/a
CWE ID-CWE-416
Use After Free
CVE-2022-27446
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.19% / 40.08%
||
7 Day CHG~0.00%
Published-14 Apr, 2022 | 12:56
Updated-03 Aug, 2024 | 05:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.h.

Action-Not Available
Vendor-n/aMariaDB Foundation
Product-mariadbn/a
CVE-2022-27449
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.24% / 47.70%
||
7 Day CHG~0.00%
Published-14 Apr, 2022 | 12:56
Updated-03 Aug, 2024 | 05:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_func.cc:148.

Action-Not Available
Vendor-n/aMariaDB FoundationDebian GNU/Linux
Product-debian_linuxmariadbn/a
CVE-2022-27380
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.30% / 52.96%
||
7 Day CHG~0.00%
Published-12 Apr, 2022 | 19:14
Updated-03 Aug, 2024 | 05:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.

Action-Not Available
Vendor-n/aMariaDB FoundationDebian GNU/Linux
Product-debian_linuxmariadbn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-27376
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.32% / 55.47%
||
7 Day CHG~0.00%
Published-12 Apr, 2022 | 19:14
Updated-03 Aug, 2024 | 05:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

MariaDB Server v10.6.5 and below was discovered to contain an use-after-free in the component Item_args::walk_arg, which is exploited via specially crafted SQL statements.

Action-Not Available
Vendor-n/aMariaDB FoundationDebian GNU/Linux
Product-debian_linuxmariadbn/a
CWE ID-CWE-416
Use After Free
CVE-2022-27379
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.22% / 44.18%
||
7 Day CHG~0.00%
Published-12 Apr, 2022 | 19:14
Updated-03 Aug, 2024 | 05:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in the component Arg_comparator::compare_real_fixed of MariaDB Server v10.6.2 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.

Action-Not Available
Vendor-n/aMariaDB FoundationDebian GNU/Linux
Product-debian_linuxmariadbn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-27385
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.16% / 36.22%
||
7 Day CHG~0.00%
Published-12 Apr, 2022 | 19:14
Updated-03 Aug, 2024 | 05:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in the component Used_tables_and_const_cache::used_tables_and_const_cache_join of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.

Action-Not Available
Vendor-n/aMariaDB Foundation
Product-mariadbn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-27455
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.13% / 32.42%
||
7 Day CHG~0.00%
Published-14 Apr, 2022 | 12:57
Updated-03 Aug, 2024 | 05:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_wildcmp_8bit_impl at /strings/ctype-simple.c.

Action-Not Available
Vendor-n/aMariaDB Foundation
Product-mariadbn/a
CWE ID-CWE-416
Use After Free
CVE-2022-27452
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.14% / 33.25%
||
7 Day CHG~0.00%
Published-14 Apr, 2022 | 12:57
Updated-03 Aug, 2024 | 05:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.cc.

Action-Not Available
Vendor-n/aMariaDB FoundationDebian GNU/Linux
Product-debian_linuxmariadbn/a
CVE-2022-27444
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.14% / 33.97%
||
7 Day CHG~0.00%
Published-14 Apr, 2022 | 12:56
Updated-03 Aug, 2024 | 05:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_subselect.cc.

Action-Not Available
Vendor-n/aMariaDB Foundation
Product-mariadbn/a
CVE-2022-27447
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.24% / 46.86%
||
7 Day CHG~0.00%
Published-14 Apr, 2022 | 12:56
Updated-03 Aug, 2024 | 05:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

MariaDB Server v10.9 and below was discovered to contain a use-after-free via the component Binary_string::free_buffer() at /sql/sql_string.h.

Action-Not Available
Vendor-n/aMariaDB FoundationDebian GNU/Linux
Product-debian_linuxmariadbn/a
CWE ID-CWE-416
Use After Free
CVE-2022-27383
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.24% / 46.86%
||
7 Day CHG~0.00%
Published-12 Apr, 2022 | 19:14
Updated-03 Aug, 2024 | 05:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

MariaDB Server v10.6 and below was discovered to contain an use-after-free in the component my_strcasecmp_8bit, which is exploited via specially crafted SQL statements.

Action-Not Available
Vendor-n/aMariaDB FoundationDebian GNU/Linux
Product-debian_linuxmariadbn/a
CWE ID-CWE-416
Use After Free
CVE-2022-27382
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.22% / 44.25%
||
7 Day CHG~0.00%
Published-12 Apr, 2022 | 19:14
Updated-03 Aug, 2024 | 05:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component Item_field::used_tables/update_depend_map_for_order.

Action-Not Available
Vendor-n/aMariaDB Foundation
Product-mariadbn/a
CWE ID-CWE-617
Reachable Assertion
CVE-2018-25032
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.09% / 25.17%
||
7 Day CHG~0.00%
Published-25 Mar, 2022 | 00:00
Updated-21 Aug, 2025 | 20:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.

Action-Not Available
Vendor-zlibazulgoton/aNetApp, Inc.Fedora ProjectDebian GNU/LinuxSparkle MotionSiemens AGMicrosoft CorporationPython Software FoundationApple Inc.MariaDB Foundation
Product-h410cmacospythonhci_compute_nodeh500s_firmwareh300s_firmwarescalance_sc642-2c_firmwaremac_os_xscalance_sc646-2c_firmwareh700s_firmwaremariadbscalance_sc622-2c_firmwaremanagement_services_for_element_softwarescalance_sc632-2c_firmwarezlibh410sh410s_firmwarenokogiriontap_select_deploy_administration_utilityscalance_sc636-2cfedorawindowsscalance_sc642-2cgotoassisth300sscalance_sc626-2czuluscalance_sc626-2c_firmwarescalance_sc636-2c_firmwareh410c_firmwarescalance_sc646-2cactive_iq_unified_managerscalance_sc622-2ce-series_santricity_os_controllerh700sdebian_linuxscalance_sc632-2ch500soncommand_workflow_automationn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-27386
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.21% / 43.18%
||
7 Day CHG~0.00%
Published-12 Apr, 2022 | 19:14
Updated-03 Aug, 2024 | 05:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component sql/sql_class.cc.

Action-Not Available
Vendor-n/aMariaDB FoundationDebian GNU/Linux
Product-debian_linuxmariadbn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2021-46669
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.47% / 64.89%
||
7 Day CHG~0.00%
Published-01 Feb, 2022 | 01:46
Updated-04 Aug, 2024 | 05:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used.

Action-Not Available
Vendor-n/aMariaDB FoundationDebian GNU/LinuxFedora Project
Product-debian_linuxfedoramariadbn/a
CWE ID-CWE-416
Use After Free
CVE-2023-5157
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.81% / 74.45%
||
7 Day CHG+0.21%
Published-26 Sep, 2023 | 13:25
Updated-28 Apr, 2026 | 06:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Mariadb: node crashes with transport endpoint is not connected mysqld got signal 6

A vulnerability was found in MariaDB. An OpenVAS port scan on ports 3306 and 4567 allows a malicious remote client to cause a denial of service.

Action-Not Available
Vendor-MariaDB FoundationFedora ProjectRed Hat, Inc.
Product-enterprise_linux_server_tusenterprise_linux_for_ibm_z_systemsenterprise_linux_for_power_little_endianenterprise_linux_eusenterprise_linux_server_ausenterprise_linux_for_power_little_endian_eusenterprise_linuxenterprise_linux_for_ibm_z_systems_eusmariadbenterprise_linux_for_arm_64enterprise_linux_for_arm_64_eusfedoraRed Hat Enterprise Linux 8.4 Update Services for SAP SolutionsRed Hat Enterprise Linux 8.4 Advanced Mission Critical Update SupportRed Hat Software Collections for Red Hat Enterprise Linux 7Red Hat Enterprise Linux 8.6 Extended Update SupportRed Hat Enterprise Linux 8Red Hat Enterprise Linux 7Red Hat Enterprise Linux 9Red Hat Enterprise Linux 8.4 Telecommunications Update ServiceRed Hat Enterprise Linux 9.0 Extended Update Support
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2022-0778
Matching Score-8
Assigner-OpenSSL Software Foundation
ShareView Details
Matching Score-8
Assigner-OpenSSL Software Foundation
CVSS Score-7.5||HIGH
EPSS-6.86% / 91.48%
||
7 Day CHG-0.68%
Published-15 Mar, 2022 | 17:05
Updated-22 May, 2026 | 13:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Infinite loop in BN_mod_sqrt() reachable when parsing certificates

The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. Thus vulnerable situations include: - TLS clients consuming server certificates - TLS servers consuming client certificates - Hosting providers taking certificates or private keys from customers - Certificate authorities parsing certification requests from subscribers - Anything else which parses ASN.1 elliptic curve parameters Also any other applications that use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS issue. In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate which makes it slightly harder to trigger the infinite loop. However any operation which requires the public key from the certificate will trigger the infinite loop. In particular the attacker can use a self-signed certificate to trigger the loop during verification of the certificate signature. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc).

Action-Not Available
Vendor-NetApp, Inc.Tenable, Inc.Siemens AGNode.js (OpenJS Foundation)OpenSSLMariaDB FoundationDebian GNU/LinuxFedora Project
Product-debian_linuxsantricity_smi-s_providernode.jsopenssla250mariadb500fclustered_data_ontap500f_firmwarea250_firmwarenessusclustered_data_ontap_antivirus_connectorstoragegridfedoracloud_volumes_ontap_mediatorOpenSSLSIMATIC MV550 HSCALANCE W786-2IA RJ45SIMATIC S7-1200 CPU 1214C AC/DC/RlySCALANCE XR326-2C PoE WG (without UL)SIPLUS S7-1200 CP 1243-1SIMATIC CP 1242-7 V2SCALANCE MUM856-1 (RoW)SIMATIC S7-1500 CPU 1513R-1 PNSCALANCE XF204-2BASCALANCE X307-3SIMATIC RF188CSCALANCE M876-4 (NAM)SIMATIC S7-1200 CPU 1211C DC/DC/DCSCALANCE W786-1 RJ45SIMATIC S7-1200 CPU 1211C DC/DC/RlySCALANCE M876-4 (EU)SCALANCE LPE9403SIMATIC CP 1628SIMATIC S7-1500 CPU 1517TF-3 PN/DPSIMATIC S7-1200 CPU 1212C AC/DC/RlySIPLUS S7-1200 CPU 1215 DC/DC/DCSCALANCE X306-1LD FESCALANCE MUM853-1 (EU)SIPLUS S7-1200 CPU 1212 AC/DC/RLYSINAMICS Startdrive V15.1SIMATIC S7-1500 ET 200pro: CPU 1516PRO F-2 PNSIMATIC CP 443-1 OPC UASCALANCE S615 LAN-RouterSCALANCE XB213-3 (SC, E/IP)SIPLUS ET 200SP CPU 1510SP-1 PNSCALANCE XR526-8C, 24V (L3 int.)SCALANCE XB208 (PN)SIMATIC S7-1500 CPU 1512C-1 PNSIRIUS Soft Starter ES V15.1 (TIA Portal)Security Configuration Tool (SCT)SIPLUS NET CP 1242-7 V2SIPLUS ET 200SP CPU 1512SP F-1 PNSCALANCE W748-1 M12SIPLUS S7-1500 CPU 1511-1 PN T1 RAILSCALANCE X308-2LHBFCClientSCALANCE XR528-6M (2HR2)SIMATIC HMI Unified Comfort Panels familySCALANCE XR326-2C PoE WGSIMATIC S7-1500 CPU 1511C-1 PNSIMATIC Cloud Connect 7 CC716SIMATIC RF166CSIMATIC WinCC V17SIPLUS NET SCALANCE XC216-4CSIMATIC S7-1200 CPU 1215FC DC/DC/DCSIMATIC Logon V1.6SIPLUS S7-1500 CPU 1518F-4 PN/DPSCALANCE M816-1 ADSL-RouterSCALANCE XR324-4M PoE (24V, ports on front)RUGGEDCOM ROX RX1510SIMATIC PCS 7 TeleControlSCALANCE WUM763-1SCALANCE XC216EECSIMATIC RF615RSCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front)SCALANCE XR552-12M (2HR2, L3 int.)SCALANCE XR324-4M PoE TS (24V, ports on front)SCALANCE X320-1 FESCALANCE X320-1-2LD FESIMATIC S7-1200 CPU 1215C DC/DC/DCSCALANCE M804PBRUGGEDCOM ROX MX5000RUGGEDCOM ROX RX1524SCALANCE XF204-2SCALANCE X307-2 EEC (230V, coated)SCALANCE XR324WG (24 X FE, DC 24V)SIMATIC S7-1200 CPU 1212FC DC/DC/DCSIMATIC ET 200SP CPU 1510SP F-1 PNSINAMICS DCC V15.1SCALANCE W1788-2IA M12SCALANCE XR324-4M EEC (2x 24V, ports on front)SIPLUS S7-1500 CPU 1518-4 PN/DP MFPSINEMA Remote Connect ServerSIPLUS NET SCALANCE XC206-2SIPLUS S7-1200 CPU 1214 DC/DC/RLYSIPLUS S7-1200 CPU 1212 DC/DC/RLYSIPLUS S7-1500 CPU 1515F-2 PNSINAMICS DCC V16SCALANCE WAM766-1 EEC (US)SCALANCE X202-2P IRTSCALANCE XR324-12M TS (24V)SCALANCE XR524-8C, 2x230V (L3 int.)SIPLUS S7-1200 CPU 1214FC DC/DC/RLYSIPLUS ET 200SP CPU 1510SP F-1 PN RAILTeleControl Server Basic V3SCALANCE W1748-1 M12SCALANCE XC206-2SFP G (EIP DEF.)SCALANCE XR526-8C, 1x230V (L3 int.)SCALANCE XC216-4C G (EIP Def.)SIMATIC WinCC Unified (TIA Portal)SCALANCE XM408-8CSIMATIC CP 1243-8 IRCSCALANCE W1788-2 EEC M12SCALANCE X212-2SIPLUS S7-1500 CPU 1515F-2 PN T2 RAILSIMATIC S7-PLCSIM AdvancedSCALANCE WAM766-1 EECSCALANCE W788-2 M12SIPLUS S7-1200 CPU 1214C DC/DC/DC RAILSCALANCE X206-1LDSIRIUS Soft Starter ES V17 (TIA Portal)SIMATIC S7-1200 CPU 1214C DC/DC/RlySCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front)SCALANCE XR324-4M EEC (2x 24V, ports on rear)SIPLUS S7-1500 CPU 1517H-3 PNSIMATIC RF610RSCALANCE X202-2P IRT PROSIMATIC MV550 SSIPLUS S7-1200 CPU 1212C DC/DC/DC RAILSCALANCE X408-2SIMATIC S7-1200 CPU 1211C AC/DC/RlySCALANCE XP208 (Ethernet/IP)SIMATIC PDMSIPLUS S7-1500 CPU 1516-3 PN/DP RAILSCALANCE XC224-4C GSIMATIC RF185CSCALANCE XR324-12M (24V, ports on front)SIMATIC CP 1243-7 LTE USRUGGEDCOM ROX RX1400SIMATIC S7-1500 CPU 1511TF-1 PNRUGGEDCOM RM1224 LTE(4G) NAMSCALANCE XR324-4M PoE (24V, ports on rear)SCALANCE X308-2M TSSIMATIC S7-1500 ET 200pro: CPU 1513PRO-2 PNSCALANCE W1750D (ROW)SIPLUS S7-1200 CP 1243-1 RAILSCALANCE X302-7 EEC (230V)SCALANCE X302-7 EEC (2x 230V)SCALANCE X308-2M PoESIMATIC S7-1500 CPU 1517-3 PN/DPSIMATIC CP 1243-1SIPLUS ET 200SP CPU 1510SP-1 PN RAILSCALANCE M826-2 SHDSL-RouterSCALANCE XR324-12M (230V, ports on rear)SIMATIC CP 1626SCALANCE W786-2 RJ45SIPLUS S7-1500 CPU 1516-3 PN/DP TX RAILSCALANCE XR324-4M PoE (230V, ports on front)SCALANCE XC206-2SFP GSCALANCE XC216-3G PoE (54 V DC)SIMATIC S7-1500 CPU S7-1518F-4 PN/DP ODKSCALANCE W1788-1 M12SCALANCE XM408-4C (L3 int.)RUGGEDCOM ROX RX5000SINAUT Software ST7scSIRIUS Soft Starter ES V16 (TIA Portal)SCALANCE XC206-2 (SC)SCALANCE XR528-6M (L3 int.)SIPLUS S7-1200 CPU 1214FC DC/DC/DCSIPLUS S7-1200 CPU 1215 AC/DC/RLYSCALANCE X307-2 EEC (24V)SINEC INSSIPLUS ET 200SP CP 1543SP-1 ISEC TX RAILSIPLUS NET SCALANCE XC206-2SFPSIPLUS NET CP 443-1 AdvancedSIPLUS S7-1200 CPU 1215C AC/DC/RLYSIMATIC S7-1500 CPU 1515T-2 PNSCALANCE XM416-4C (L3 int.)SCALANCE XP216POE EECSIMOCODE ES V17SCALANCE XB213-3 (SC, PN)SIMATIC S7-1500 CPU S7-1518-4 PN/DP ODKSCALANCE X304-2FESCALANCE XC216-4CSCALANCE XP216SIPLUS NET CP 343-1 AdvancedSIPLUS S7-1200 CPU 1214 AC/DC/RLYSIMATIC S7-1500 CPU 1515F-2 PNSIPLUS ET 200SP CP 1543SP-1 ISECSCALANCE X307-2 EEC (24V, coated)SIMATIC PCS 7 V9.0SCALANCE X302-7 EEC (2x 24V)SCALANCE W722-1 RJ45SCALANCE XB205-3LD (SC, PN)SCALANCE X308-2SCALANCE XR552-12M (2HR2)SCALANCE W788-2 M12 EECSCALANCE XR324-4M EEC (24V, ports on rear)SCALANCE XB213-3 (ST, PN)SCALANCE WAM766-1 (US)SCALANCE WUM766-1 (USA)SIMATIC S7-1500 CPU 1516T-3 PN/DPSCALANCE XR524-8C, 1x230VSCALANCE X208PROSIMATIC RF186CSCALANCE X302-7 EEC (24V, coated)SIPLUS S7-1500 CPU 1518-4 PN/DPSCALANCE XP208PoE EECSCALANCE XR528-6M (2HR2, L3 int.)SIMATIC STEP 7 V15.1SIMATIC S7-1200 CPU 1215FC DC/DC/RlySIPLUS S7-1500 CPU 1516F-3 PN/DPSIMATIC STEP 7 V5SCALANCE XC206-2SFP EECSCALANCE X204-2LD TSSIPLUS ET 200SP CPU 1512SP-1 PN RAILSCALANCE XP208SCALANCE XB216 (PN)SIMATIC NET PC Software V15SCALANCE X310FESIPLUS S7-1200 CPU 1212C AC/DC/RLYSCALANCE XF204IRTSCALANCE XR324-12M (24V, ports on rear)SIPLUS ET 200SP CPU 1510SP F-1 PNSCALANCE W778-1 M12 EECSCALANCE XB205-3LD (SC, E/IP)RUGGEDCOM ROX RX1511SCALANCE XR328-4C WG (28xGE, DC 24V)SCALANCE XC216-4C G EECSIPLUS ET 200SP CPU 1512SP-1 PNSCALANCE SC646-2CSCALANCE X216SIMATIC S7-1500 CPU 1518F-4 PN/DP MFPSCALANCE XB205-3 (ST, E/IP)SIMATIC WinCC V16RUGGEDCOM ROX RX1501SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear)SIPLUS S7-1500 CPU 1515R-2 PN TX RAILSCALANCE XB213-3LD (SC, PN)SCALANCE XC224-4C G (EIP Def.)SIMATIC WinCC V7.4SCALANCE X302-7 EEC (2x 230V, coated)SCALANCE XR524-8C, 24VSCALANCE XC206-2G PoE EEC (54 V DC)SIMATIC NET PC Software V14SCALANCE X308-2 RD (inkl. SIPLUS variants)TIA AdministratorSIMATIC S7-1200 CPU 1214FC DC/DC/RlySCALANCE M876-4SCALANCE XC208G PoE (54 V DC)SIMATIC S7-1500 CPU 1515R-2 PNSIMATIC S7-1500 CPU 1518-4 PN/DP MFPSCALANCE X200-4P IRTSIMATIC RF188CISIMATIC RF685RSCALANCE X308-2LDSCALANCE W774-1 RJ45 (USA)SIMATIC S7-1500 CPU 1518HF-4 PNSCALANCE X212-2LDSINAUT ST7CCSCALANCE W761-1 RJ45SCALANCE XR324-12M (230V, ports on front)SIPLUS S7-1200 CPU 1214C DC/DC/RLYSIPLUS NET CP 1543-1SCALANCE SC622-2CSIPLUS ET 200SP CPU 1512SP F-1 PN RAILSIMATIC CP 1543-1SIMATIC MV540 SSIPLUS NET SCALANCE XC208SIMATIC RF650RSCALANCE WUM766-1SCALANCE X302-7 EEC (2x 24V, coated)SCALANCE XR524-8C, 24V (L3 int.)SCALANCE XP208EECSCALANCE X308-2LH+SCALANCE XR526-8C, 1x230VSCALANCE XR328-4C WG (28xGE, AC 230V)SCALANCE W1750D (USA)SCALANCE XF202-2P IRTSIPLUS S7-1500 CPU 1511F-1 PNSCALANCE W774-1 RJ45SIMATIC S7-1200 CPU 1217C DC/DC/DCSIPLUS S7-1200 CPU 1214C AC/DC/RLYIndustrial Edge - SIMATIC S7 Connector AppSCALANCE WAM766-1SCALANCE XC216-3G PoETIA Portal Cloud V17SIMATIC S7-1200 CPU 1212FC DC/DC/RlySCALANCE XC224-4C G EECSIMATIC S7-1200 CPU 1215C DC/DC/RlySCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear)OpenPCS 7 V8.2SCALANCE XB205-3 (ST, PN)SCALANCE X204-2SIMOCODE ES V15.1SCALANCE XC216-4C GSINAMICS Startdrive V16SIMATIC WinCC V15.1SIMATIC MV540 HSINEC NMSSCALANCE W788-2 RJ45SCALANCE XR526-8C, 24VSCALANCE X204-2FMSCALANCE W734-1 RJ45 (USA)SCALANCE XB208 (E/IP)RUGGEDCOM ROX RX1512SCALANCE W788-1 M12SIMATIC MV560 USIMATIC S7-1500 ET 200pro: CPU 1513PRO F-2 PNSIMATIC STEP 7 V17SCALANCE X204IRT PROSIMATIC S7-1500 CPU 1518-4 PN/DPSCALANCE X302-7 EEC (24V)SCALANCE W721-1 RJ45SCALANCE XR324-4M EEC (24V, ports on front)SCALANCE W1750D (JP)SCALANCE XC208GSCALANCE W1788-2 M12RUGGEDCOM ROX RX1500SCALANCE M874-3SCALANCE W786-2 SFPSCALANCE XR526-8C, 2x230VSIMOTIONSCALANCE XM416-4CSIMATIC STEP 7 V16SCALANCE XC206-2G PoESCALANCE XR528-6MSIMATIC CP 1542SP-1SCALANCE XF206-1SIPLUS NET SCALANCE X202-2P IRTSCALANCE X307-2 EEC (2x 230V, coated)SCALANCE XR526-8C, 2x230V (L3 int.)SCALANCE XC208EECSCALANCE XR328-4C WG (24xFE, 4xGE,DC24V)SCALANCE XC206-2SFPSIPLUS S7-1500 CPU 1513-1 PNSCALANCE XF204-2BA IRTSIPLUS S7-1500 CPU 1513F-1 PNSCALANCE W774-1 M12 EECSIMATIC NET PC Software V16SIMATIC MV560 XOpenPCS 7 V9.0SCALANCE X202-2IRTSIMATIC S7-1500 CPU 1511F-1 PNSCALANCE X201-3P IRTSIPLUS S7-1200 CPU 1214C DC/DC/DCSCALANCE XC208SCALANCE X302-7 EEC (230V, coated)SIPLUS S7-1500 CPU 1515F-2 PN RAILSIMATIC S7-1500 CPU 1516TF-3 PN/DPSIMOTION SCOUT TIA V5.4SCALANCE XR524-8C, 2x230VSCALANCE W748-1 RJ45SIMATIC S7-1200 CPU 1214FC DC/DC/DCIndustrial Edge - OPC UA ConnectorSIMOTION SCOUT TIA V5.3SCALANCE SC642-2CSIMATIC CP 443-1 AdvancedSIMATIC CP 1243-7 LTE EUSCALANCE W788-1 RJ45SIMOCODE ES V16SCALANCE X204-2LDSCALANCE M876-3 (ROK)SIPLUS S7-1500 CPU 1515R-2 PNSIMATIC S7-1500 CPU 1518F-4 PN/DPSIMATIC S7-1500 CPU 1518TF-4 PN/DPSIPLUS TIM 1531 IRCSCALANCE XP216EECSCALANCE X208SCALANCE X307-2 EEC (230V)TIA Portal Cloud V16SIPLUS S7-1200 CPU 1215 DC/DC/RLYSCALANCE SC632-2CSIMATIC S7-1500 ET 200pro: CPU 1516PRO-2 PNSIMATIC S7-1500 CPU 1513F-1 PNSCALANCE XP216 (Ethernet/IP)SIPLUS S7-1500 CPU 1518HF-4 PNSIMATIC RF680RSCALANCE X224OpenPCS 7 V9.1SCALANCE M812-1 ADSL-RouterSCALANCE XB205-3 (SC, PN)SIMATIC ET 200SP CPU 1512SP F-1 PNSCALANCE XR328-4C WG (24xFE,4xGE,AC230V)SCALANCE WAM763-1SCALANCE XB213-3LD (SC, E/IP)SIMATIC Drive Controller CPU 1504D TFSIMATIC S7-1500 CPU 1518T-4 PN/DPSCALANCE W738-1 M12SCALANCE M876-3SCALANCE XR324-4M PoE (230V, ports on rear)SCALANCE X310TIM 1531 IRCSCALANCE XR324WG (24 x FE, AC 230V)SCALANCE XC216SIMATIC S7-1500 CPU 1517T-3 PN/DPRUGGEDCOM RM1224 LTE(4G) EUSIMATIC CP 1543SP-1SCALANCE XR552-12MSCALANCE XC206-2 (ST/BFOC)SCALANCE X308-2MSCALANCE M874-2SCALANCE W778-1 M12SCALANCE XB213-3 (ST, E/IP)SIMATIC WinCC V7.5SIMATIC S7-1500 CPU 1515TF-2 PNSCALANCE XC208G EECSIMATIC RF186CISCALANCE XB216 (E/IP)SCALANCE S615 EEC LAN-RouterSIMATIC CP 343-1 AdvancedSIMATIC S7-1500 CPU 1511-1 PNSCALANCE X201-3P IRT PROSIMATIC Drive Controller CPU 1507D TFSIPLUS S7-1200 CPU 1212C DC/DC/DCSCALANCE XF201-3P IRTSIPLUS S7-1500 CPU 1511-1 PN TX RAILRUGGEDCOM ROX MX5000RESCALANCE XM408-4CRUGGEDCOM ROX RX1536SCALANCE SC636-2CSIRIUS Safety ES V17 (TIA Portal)SIMATIC PCS 7 V9.1SCALANCE XF204 DNASIMATIC S7-1500 CPU 1516F-3 PN/DPSIMATIC RF360RSCALANCE X206-1SIMATIC PCS neo (Administration Console)SIMATIC Process Historian OPC UA ServerSCALANCE XC206-2SFP G EECSINAMICS Startdrive V17SCALANCE XF204SCALANCE XR328-4C WG (24XFE, 4XGE, 24V)SIPLUS S7-1500 CPU 1516-3 PN/DPSIMATIC S7-1200 CPU 1212C DC/DC/RlySIMATIC S7-1200 CPU 1215C AC/DC/RlySCALANCE X204-2TSSIMATIC S7-1500 CPU 1517F-3 PN/DPSIMATIC PCS 7 V8.2SIMATIC S7-1200 CPU 1212C DC/DC/DCSIMATIC ET 200SP CPU 1512SP-1 PNRUGGEDCOM CROSSBOW Station Access Controller (SAC)SCALANCE XC208G (EIP def.)SIPLUS S7-1500 CPU 1511-1 PNSCALANCE X307-2 EEC (2x 24V)SIPLUS S7-1200 CPU 1215FC DC/DC/DCSIMATIC S7-1200 CPU 1214C DC/DC/DCSIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)SIMATIC S7-1500 Software Controller V2SCALANCE W778-1 M12 EEC (USA)SCALANCE X204IRTSCALANCE XC206-2G PoE (54 V DC)SIPLUS S7-1500 CPU 1516F-3 PN/DP RAILSCALANCE W734-1 RJ45SIMATIC S7-1500 CPU 1513-1 PNSIMATIC S7-1500 CPU 1517H-3 PNSIMATIC WinCC V7.3SCALANCE XC208G PoESCALANCE X307-3LDSIMATIC S7-1500 CPU 1511T-1 PNSCALANCE MUM856-1 (EU)SCALANCE XC224SCALANCE XM408-8C (L3 int.)SIMATIC NET PC Software V17SIMATIC Cloud Connect 7 CC712SCALANCE X307-2 EEC (2x 230V)SCALANCE XF204-2BA DNASCALANCE XR524-8C, 1x230V (L3 int.)SIMATIC S7-1500 CPU 1516-3 PN/DPSIMATIC CP 1545-1SIMATIC S7-1500 CPU 1515-2 PNSCALANCE X307-2 EEC (2x 24V, coated)SIPLUS S7-1200 CPU 1215C DC/DC/DCSIMATIC ET 200SP CPU 1510SP-1 PNSCALANCE XF208
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2015-2568
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5||MEDIUM
EPSS-4.02% / 88.60%
||
7 Day CHG+0.06%
Published-16 Apr, 2015 | 16:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote attackers to affect availability via unknown vectors related to Server : Security : Privileges.

Action-Not Available
Vendor-n/aCanonical Ltd.MariaDB FoundationOracle CorporationSUSERed Hat, Inc.Debian GNU/Linux
Product-debian_linuxubuntu_linuxlinux_enterprise_desktopenterprise_linux_serverenterprise_linux_workstationmariadbmysqlenterprise_linux_desktopenterprise_linux_server_tussolarislinux_enterprise_servercommunications_policy_managemententerprise_linux_eusenterprise_linux_server_auslinux_enterprise_software_development_kitn/a
CVE-2022-27456
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.14% / 33.25%
||
7 Day CHG~0.00%
Published-14 Apr, 2022 | 12:57
Updated-03 Aug, 2024 | 05:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component VDec::VDec at /sql/sql_type.cc.

Action-Not Available
Vendor-n/aMariaDB FoundationDebian GNU/Linux
Product-debian_linuxmariadbn/a
CWE ID-CWE-416
Use After Free
CVE-2013-3801
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5||MEDIUM
EPSS-0.62% / 70.27%
||
7 Day CHG~0.00%
Published-17 Jul, 2013 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Options.

Action-Not Available
Vendor-n/aMariaDB FoundationopenSUSEOracle CorporationSUSE
Product-linux_enterprise_desktopmariadbmysqllinux_enterprise_serverlinux_enterprise_software_development_kitopensusen/a
CVE-2014-8964
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-2.06% / 84.11%
||
7 Day CHG~0.00%
Published-16 Dec, 2014 | 18:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in PCRE 8.36 and earlier allows remote attackers to cause a denial of service (crash) or have other unspecified impact via a crafted regular expression, related to an assertion that allows zero repeats.

Action-Not Available
Vendor-pcren/aMariaDB FoundationopenSUSEOracle CorporationRed Hat, Inc.Fedora Project
Product-enterprise_linux_euspcreenterprise_linux_serverenterprise_linux_workstationmariadbenterprise_linux_server_tusenterprise_linux_desktopsolarisenterprise_linux_server_ausfedoraopensusen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-1861
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-20.76% / 95.68%
||
7 Day CHG~0.00%
Published-28 Mar, 2013 | 23:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

MariaDB 5.5.x before 5.5.30, 5.3.x before 5.3.13, 5.2.x before 5.2.15, and 5.1.x before 5.1.68, and Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points, which is not properly handled when processing the binary representation of this feature, related to a numeric calculation error.

Action-Not Available
Vendor-n/aCanonical Ltd.MariaDB FoundationopenSUSEOracle CorporationSUSERed Hat, Inc.Debian GNU/Linux
Product-debian_linuxubuntu_linuxlinux_enterprise_desktopmariadbmysqlopensuselinux_enterprise_serverlinux_enterprise_software_development_kitenterprise_linuxn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2012-1702
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5||MEDIUM
EPSS-0.80% / 74.37%
||
7 Day CHG~0.00%
Published-17 Jan, 2013 | 01:30
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote attackers to affect availability via unknown vectors.

Action-Not Available
Vendor-n/aCanonical Ltd.MariaDB FoundationOracle CorporationRed Hat, Inc.
Product-ubuntu_linuxenterprise_linux_workstationenterprise_linux_servermariadbmysqlenterprise_linux_desktopenterprise_linux_eusn/a
CVE-2017-3302
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-7.5||HIGH
EPSS-2.50% / 85.53%
||
7 Day CHG~0.00%
Published-12 Feb, 2017 | 04:43
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Crash in libmysqlclient.so in Oracle MySQL before 5.6.21 and 5.7.x before 5.7.5 and MariaDB through 5.5.54, 10.0.x through 10.0.29, 10.1.x through 10.1.21, and 10.2.x through 10.2.3.

Action-Not Available
Vendor-MariaDB FoundationOracle CorporationRed Hat, Inc.Debian GNU/Linux
Product-debian_linuxenterprise_linux_serverenterprise_linux_workstationmariadbmysqlenterprise_linux_desktopenterprise_linux_server_eusenterprise_linux_server_ausMySQL Server
CWE ID-CWE-416
Use After Free
Details not found