apk package
chainguard/mariadb-10.11-oci-entrypoint
pkg:apk/chainguard/mariadb-10.11-oci-entrypoint
Vulnerabilities (9)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-30722 | — | < 0 | 0 | Apr 15, 2025 | Vulnerability in the MySQL Client product of Oracle MySQL (component: Client: mysqldump). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple proto | ||
| CVE-2025-30693 | — | < 0 | 0 | Apr 15, 2025 | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to comp | ||
| CVE-2023-52971 | Med | 4.9 | < 10.11.14-r0 | 10.11.14-r0 | Mar 8, 2025 | MariaDB Server 10.10 through 10.11.* and 11.0 through 11.4.* crashes in JOIN::fix_all_splittings_in_plan. | |
| CVE-2023-52970 | Med | 4.9 | < 10.11.14-r0 | 10.11.14-r0 | Mar 8, 2025 | MariaDB Server 10.4 through 10.5.*, 10.6 through 10.6.*, 10.7 through 10.11.*, 11.0 through 11.0.*, and 11.1 through 11.4.* crashes in Item_direct_view_ref::derived_field_transformer_for_where. | |
| CVE-2023-52969 | Med | 4.9 | < 10.11.14-r0 | 10.11.14-r0 | Mar 8, 2025 | MariaDB Server 10.4 through 10.5.*, 10.6 through 10.6.*, 10.7 through 10.11.*, and 11.0 through 11.0.* can sometimes crash with an empty backtrace log. This may be related to make_aggr_tables_info and optimize_stage2. | |
| CVE-2024-1597 | — | < 10.11.8-r2 | 10.11.8-r2 | Feb 19, 2024 | pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not the default. In the default mode there is no vulnerability. A placeholder for a numeric value must be immediately preceded by a minus. There must be a second placeh | ||
| CVE-2022-31197 | — | < 10.11.8-r2 | 10.11.8-r2 | Aug 3, 2022 | PostgreSQL JDBC Driver (PgJDBC for short) allows Java programs to connect to a PostgreSQL database using standard, database independent Java code. The PGJDBC implementation of the `java.sql.ResultRow.refreshRow()` method is not performing escaping of column names so a malicious c | ||
| CVE-2022-21724 | — | < 10.11.8-r2 | 10.11.8-r2 | Feb 2, 2022 | pgjdbc is the offical PostgreSQL JDBC Driver. A security hole was found in the jdbc driver for postgresql database while doing security research. The system using the postgresql library will be attacked when attacker control the jdbc url or properties. pgjdbc instantiates plugin | ||
| CVE-2020-13692 | — | < 10.11.14-r0 | 10.11.14-r0 | Jun 4, 2020 | PostgreSQL JDBC Driver (aka PgJDBC) before 42.2.13 allows XXE. |
- CVE-2025-30722Apr 15, 2025affected < 0fixed 0
Vulnerability in the MySQL Client product of Oracle MySQL (component: Client: mysqldump). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple proto
- CVE-2025-30693Apr 15, 2025affected < 0fixed 0
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to comp
- affected < 10.11.14-r0fixed 10.11.14-r0
MariaDB Server 10.10 through 10.11.* and 11.0 through 11.4.* crashes in JOIN::fix_all_splittings_in_plan.
- affected < 10.11.14-r0fixed 10.11.14-r0
MariaDB Server 10.4 through 10.5.*, 10.6 through 10.6.*, 10.7 through 10.11.*, 11.0 through 11.0.*, and 11.1 through 11.4.* crashes in Item_direct_view_ref::derived_field_transformer_for_where.
- affected < 10.11.14-r0fixed 10.11.14-r0
MariaDB Server 10.4 through 10.5.*, 10.6 through 10.6.*, 10.7 through 10.11.*, and 11.0 through 11.0.* can sometimes crash with an empty backtrace log. This may be related to make_aggr_tables_info and optimize_stage2.
- CVE-2024-1597Feb 19, 2024affected < 10.11.8-r2fixed 10.11.8-r2
pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not the default. In the default mode there is no vulnerability. A placeholder for a numeric value must be immediately preceded by a minus. There must be a second placeh
- CVE-2022-31197Aug 3, 2022affected < 10.11.8-r2fixed 10.11.8-r2
PostgreSQL JDBC Driver (PgJDBC for short) allows Java programs to connect to a PostgreSQL database using standard, database independent Java code. The PGJDBC implementation of the `java.sql.ResultRow.refreshRow()` method is not performing escaping of column names so a malicious c
- CVE-2022-21724Feb 2, 2022affected < 10.11.8-r2fixed 10.11.8-r2
pgjdbc is the offical PostgreSQL JDBC Driver. A security hole was found in the jdbc driver for postgresql database while doing security research. The system using the postgresql library will be attacked when attacker control the jdbc url or properties. pgjdbc instantiates plugin
- CVE-2020-13692Jun 4, 2020affected < 10.11.14-r0fixed 10.11.14-r0
PostgreSQL JDBC Driver (aka PgJDBC) before 42.2.13 allows XXE.