Ruhai Zhang

Researcher fromBEIJING DBSEC TECHNOLOGY CO., LTD.
#13180of 53,633
20Total CVSS
Vulnerabilities · 3
Medium
3
PT-2022-5162
6.8
2022-10-18
Oracle · Mysql Server · CVE-2022-21608
**Name of the Vulnerable Software and Affected Versions** MySQL Server versions 5.7.39 and prior MySQL Server versions 8.0.30 and prior **Description** The issue is related to insufficient input validation in the Server: Optimizer component of MySQL Server, allowing a high-privileged attacker with network access via multiple protocols to compromise the server. Successful attacks can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. **Recommendations** For MySQL Server versions 5.7.39 and prior, update to a version later than 5.7.39. For MySQL Server versions 8.0.30 and prior, update to a version later than 8.0.30. As a temporary workaround, consider restricting network access to the MySQL Server to minimize the risk of exploitation.
PT-2022-15402
6.5
2022-06-24
Ibm · Ibm Db2 · CVE-2022-22389
**Name of the Vulnerable Software and Affected Versions** IBM Db2 for Linux, UNIX and Windows versions 9.7, 10.1, 10.5, 11.1, and 11.5 **Description** The issue allows an authenticated user to execute specially crafted SQL statements, potentially causing the server to terminate abnormally, resulting in a denial of service. **Recommendations** For IBM Db2 for Linux, UNIX and Windows versions 9.7, 10.1, 10.5, 11.1, and 11.5, consider restricting access to authenticated users to minimize the risk of exploitation. As a temporary workaround, consider implementing additional validation on SQL statements to prevent specially crafted inputs from causing the server to terminate abnormally. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2021-14011
6.7
2021-04-30
Ibm · Ibm Informix Dynamic Server · CVE-2021-20515
Name of the Vulnerable Software and Affected Versions: IBM Informix Dynamic Server version 14.10 Description: The issue is caused by improper bounds checking, leading to a stack-based buffer overflow. A local privileged user could exploit this to execute arbitrary code on the system or cause a denial of service condition. Recommendations: For IBM Informix Dynamic Server version 14.10, at the moment, there is no information about a newer version that contains a fix for this issue.