apk package
chainguard/mysql-8.0-oci-entrypoint-compat
pkg:apk/chainguard/mysql-8.0-oci-entrypoint-compat
Vulnerabilities (666)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-15358 | — | < 8.0.38-r0 | 8.0.38-r0 | Jun 27, 2020 | In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation. | ||
| CVE-2020-11080 | — | < 8.0.38-r0 | 8.0.38-r0 | Jun 3, 2020 | In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial of service. The proof of concept attack involves a malicious client constructing a SETTINGS frame with a length of 14,400 bytes (2400 individual settings entries) over and over again. T | ||
| CVE-2020-1967 | — | < 8.0.38-r0 | 8.0.38-r0 | Apr 21, 2020 | Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. The crash occurs if an invalid or unrecognise | ||
| CVE-2020-2930 | — | < 8.0.38-r0 | 8.0.38-r0 | Apr 15, 2020 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 8.0.19 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Serv | ||
| CVE-2020-2928 | — | < 8.0.38-r0 | 8.0.38-r0 | Apr 15, 2020 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Ser | ||
| CVE-2020-2926 | — | < 8.0.38-r0 | 8.0.38-r0 | Apr 15, 2020 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication GCS). Supported versions that are affected are 8.0.19 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compro | ||
| CVE-2020-2925 | — | < 8.0.38-r0 | 8.0.38-r0 | Apr 15, 2020 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Su | ||
| CVE-2020-2924 | — | < 8.0.38-r0 | 8.0.38-r0 | Apr 15, 2020 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Ser | ||
| CVE-2020-2923 | — | < 8.0.38-r0 | 8.0.38-r0 | Apr 15, 2020 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Ser | ||
| CVE-2020-2922 | — | < 8.0.38-r0 | 8.0.38-r0 | Apr 15, 2020 | Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple prot | ||
| CVE-2020-2921 | — | < 8.0.38-r0 | 8.0.38-r0 | Apr 15, 2020 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin). Supported versions that are affected are 8.0.19 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to com | ||
| CVE-2020-2904 | — | < 8.0.38-r0 | 8.0.38-r0 | Apr 15, 2020 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Ser | ||
| CVE-2020-2903 | — | < 8.0.38-r0 | 8.0.38-r0 | Apr 15, 2020 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Connection Handling). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise | ||
| CVE-2020-2901 | — | < 8.0.38-r0 | 8.0.38-r0 | Apr 15, 2020 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Ser | ||
| CVE-2020-2898 | — | < 8.0.38-r0 | 8.0.38-r0 | Apr 15, 2020 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Charsets). The supported version that is affected is 8.0.19. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Succe | ||
| CVE-2020-2897 | — | < 8.0.38-r0 | 8.0.38-r0 | Apr 15, 2020 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Ser | ||
| CVE-2020-2896 | — | < 8.0.38-r0 | 8.0.38-r0 | Apr 15, 2020 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise | ||
| CVE-2020-2895 | — | < 8.0.38-r0 | 8.0.38-r0 | Apr 15, 2020 | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Succes | ||
| CVE-2020-2893 | — | < 8.0.38-r0 | 8.0.38-r0 | Apr 15, 2020 | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Succes | ||
| CVE-2020-2892 | — | < 8.0.38-r0 | 8.0.38-r0 | Apr 15, 2020 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Ser |
- CVE-2020-15358Jun 27, 2020affected < 8.0.38-r0fixed 8.0.38-r0
In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation.
- CVE-2020-11080Jun 3, 2020affected < 8.0.38-r0fixed 8.0.38-r0
In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial of service. The proof of concept attack involves a malicious client constructing a SETTINGS frame with a length of 14,400 bytes (2400 individual settings entries) over and over again. T
- CVE-2020-1967Apr 21, 2020affected < 8.0.38-r0fixed 8.0.38-r0
Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. The crash occurs if an invalid or unrecognise
- CVE-2020-2930Apr 15, 2020affected < 8.0.38-r0fixed 8.0.38-r0
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 8.0.19 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Serv
- CVE-2020-2928Apr 15, 2020affected < 8.0.38-r0fixed 8.0.38-r0
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Ser
- CVE-2020-2926Apr 15, 2020affected < 8.0.38-r0fixed 8.0.38-r0
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication GCS). Supported versions that are affected are 8.0.19 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compro
- CVE-2020-2925Apr 15, 2020affected < 8.0.38-r0fixed 8.0.38-r0
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Su
- CVE-2020-2924Apr 15, 2020affected < 8.0.38-r0fixed 8.0.38-r0
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Ser
- CVE-2020-2923Apr 15, 2020affected < 8.0.38-r0fixed 8.0.38-r0
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Ser
- CVE-2020-2922Apr 15, 2020affected < 8.0.38-r0fixed 8.0.38-r0
Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple prot
- CVE-2020-2921Apr 15, 2020affected < 8.0.38-r0fixed 8.0.38-r0
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin). Supported versions that are affected are 8.0.19 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to com
- CVE-2020-2904Apr 15, 2020affected < 8.0.38-r0fixed 8.0.38-r0
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Ser
- CVE-2020-2903Apr 15, 2020affected < 8.0.38-r0fixed 8.0.38-r0
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Connection Handling). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise
- CVE-2020-2901Apr 15, 2020affected < 8.0.38-r0fixed 8.0.38-r0
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Ser
- CVE-2020-2898Apr 15, 2020affected < 8.0.38-r0fixed 8.0.38-r0
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Charsets). The supported version that is affected is 8.0.19. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Succe
- CVE-2020-2897Apr 15, 2020affected < 8.0.38-r0fixed 8.0.38-r0
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Ser
- CVE-2020-2896Apr 15, 2020affected < 8.0.38-r0fixed 8.0.38-r0
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise
- CVE-2020-2895Apr 15, 2020affected < 8.0.38-r0fixed 8.0.38-r0
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Succes
- CVE-2020-2893Apr 15, 2020affected < 8.0.38-r0fixed 8.0.38-r0
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Succes
- CVE-2020-2892Apr 15, 2020affected < 8.0.38-r0fixed 8.0.38-r0
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Ser
Page 22 of 34