Bitnami package
mariadb
pkg:bitnami/mariadb
Vulnerabilities (103)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-2174 | — | | | >= 10.2.0, < 10.2.18 | 10.2.18 | Apr 22, 2021 | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromi |
| CVE-2021-2166 | — | | | >= 10.2.0, < 10.2.38 | 10.2.38 | Apr 22, 2021 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compr |
| CVE-2021-2154 | — | | | >= 10.2.0, < 10.2.38 | 10.2.38 | Apr 22, 2021 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 5.7.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. S |
| CVE-2021-2144 | — | | | >= 5.5.0, < 5.5.66 | 5.5.66 | Apr 22, 2021 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to co |
| CVE-2021-27928 | — | | | >= 10.2.0, < 10.2.37 | 10.2.37 | Mar 19, 2021 | A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18, and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep patch through 2021-03-03 for MySQL. An untrusted search path leads to eval injection, in |
| CVE-2021-2032 | — | | | >= 10.0.0, < 10.0.11 | 10.0.11 | Jan 20, 2021 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Information Schema). Supported versions that are affected are 5.7.32 and prior and 8.0.22 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to |
| CVE-2021-2022 | — | | | >= 10.1.0, < 10.1.46 | 10.1.46 | Jan 20, 2021 | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.6.50 and prior, 5.7.32 and prior and 8.0.22 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple pro |
| CVE-2021-2011 | — | | | >= 5.5.0, < 5.5.61 | 5.5.61 | Jan 20, 2021 | Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.7.32 and prior and 8.0.22 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromis |
| CVE-2021-2007 | — | | | >= 5.5.0, < 5.5.65 | 5.5.65 | Jan 20, 2021 | Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple prot |
| CVE-2020-28912 | — | | | < 10.1.48 | 10.1.48 | Dec 24, 2020 | With MariaDB running on Windows, when local clients connect to the server over named pipes, it's possible for an unprivileged user with an ability to run code on the server machine to intercept the named pipe connection and act as a man-in-the-middle, gaining access to all the da |
| CVE-2020-14812 | — | | | >= 10.1.0, < 10.1.48 | 10.1.48 | Oct 21, 2020 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Locking). Supported versions that are affected are 5.6.49 and prior, 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multi |
| CVE-2020-14789 | — | | | >= 10.2.0, < 10.2.35 | 10.2.35 | Oct 21, 2020 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compr |
| CVE-2020-14776 | — | | | >= 10.2.0, < 10.2.35 | 10.2.35 | Oct 21, 2020 | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise |
| CVE-2020-14765 | — | | | >= 10.1.0, < 10.1.48 | 10.1.48 | Oct 21, 2020 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 5.6.49 and prior, 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple p |
| CVE-2020-14550 | — | | | >= 5.5.0, < 5.5.61 | 5.5.61 | Jul 15, 2020 | Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.48 and prior, 5.7.30 and prior and 8.0.20 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple proto |
| CVE-2020-2922 | — | | | >= 5.5.0, < 5.5.65 | 5.5.65 | Apr 15, 2020 | Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple prot |
| CVE-2020-2814 | — | | | >= 10.1.0, < 10.1.45 | 10.1.45 | Apr 15, 2020 | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.6.47 and prior, 5.7.28 and prior and 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple proto |
| CVE-2020-2812 | — | | | >= 5.5.0, < 5.5.68 | 5.5.68 | Apr 15, 2020 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access |
| CVE-2020-2780 | — | | | >= 5.5.0, < 5.5.66 | 5.5.66 | Apr 15, 2020 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple p |
| CVE-2020-2760 | — | | | >= 10.2.0, < 10.2.32 | 10.2.32 | Apr 15, 2020 | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise |