VYPR

Bitnami package

mariadb-min

pkg:bitnami/mariadb-min

Vulnerabilities (113)

  • CVE-2021-46669Feb 1, 2022
    affected < 10.2.44fixed 10.2.44

    MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used.

  • CVE-2021-46657Jan 29, 2022
    affected >= 10.0.0, < 10.2.39fixed 10.2.39

    get_sort_by_table in MariaDB before 10.6.2 allows an application crash via certain subquery uses of ORDER BY.

  • CVE-2021-46658Jan 29, 2022
    affected >= 10.2.0, < 10.2.40fixed 10.2.40

    save_window_function_values in MariaDB before 10.6.3 allows an application crash because of incorrect handling of with_window_func=true for a subquery.

  • CVE-2021-46659Jan 29, 2022
    affected >= 5.5.0, < 10.2.42fixed 10.2.42

    MariaDB before 10.7.2 allows an application crash because it does not recognize that SELECT_LEX::nest_level is local to each VIEW.

  • CVE-2021-35604Oct 20, 2021
    affected >= 10.2.0, < 10.2.41fixed 10.2.41

    Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.35 and prior and 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise

  • CVE-2021-2389Jul 20, 2021
    affected >= 10.2.0, < 10.2.40fixed 10.2.40

    Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromi

  • CVE-2021-2372Jul 20, 2021
    affected >= 10.2.0, < 10.2.40fixed 10.2.40

    Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromi

  • CVE-2020-15180May 27, 2021
    affected >= 10.1.0, < 10.1.47fixed 10.1.47

    A flaw was found in the mysql-wsrep component of mariadb. Lack of input sanitization in `wsrep_sst_method` allows for command injection that can be exploited by a remote attacker to execute arbitrary commands on galera cluster nodes. This threatens the system's confidentiality, i

  • CVE-2021-2194Apr 22, 2021
    affected >= 10.2.0, < 10.2.35fixed 10.2.35

    Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise

  • CVE-2021-2180Apr 22, 2021
    affected >= 10.2.0, < 10.2.38fixed 10.2.38

    Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise

  • CVE-2021-2174Apr 22, 2021
    affected >= 10.2.0, < 10.2.18fixed 10.2.18

    Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromi

  • CVE-2021-2166Apr 22, 2021
    affected >= 10.2.0, < 10.2.38fixed 10.2.38

    Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compr

  • CVE-2021-2154Apr 22, 2021
    affected >= 10.2.0, < 10.2.38fixed 10.2.38

    Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 5.7.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. S

  • CVE-2021-2144Apr 22, 2021
    affected >= 5.5.0, < 5.5.66fixed 5.5.66

    Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to co

  • CVE-2021-27928Mar 19, 2021
    affected >= 10.2.0, < 10.2.37fixed 10.2.37

    A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18, and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep patch through 2021-03-03 for MySQL. An untrusted search path leads to eval injection, in

  • CVE-2021-2032Jan 20, 2021
    affected >= 10.0.0, < 10.0.11fixed 10.0.11

    Vulnerability in the MySQL Server product of Oracle MySQL (component: Information Schema). Supported versions that are affected are 5.7.32 and prior and 8.0.22 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to

  • CVE-2021-2022Jan 20, 2021
    affected >= 10.1.0, < 10.1.46fixed 10.1.46

    Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.6.50 and prior, 5.7.32 and prior and 8.0.22 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple pro

  • CVE-2021-2011Jan 20, 2021
    affected >= 5.5.0, < 5.5.61fixed 5.5.61

    Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.7.32 and prior and 8.0.22 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromis

  • CVE-2021-2007Jan 20, 2021
    affected >= 5.5.0, < 5.5.65fixed 5.5.65

    Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple prot

  • CVE-2020-28912Dec 24, 2020
    affected < 10.1.48fixed 10.1.48

    With MariaDB running on Windows, when local clients connect to the server over named pipes, it's possible for an unprivileged user with an ability to run code on the server machine to intercept the named pipe connection and act as a man-in-the-middle, gaining access to all the da

Page 5 of 6