Bitnami package
mariadb
pkg:bitnami/mariadb
Vulnerabilities (113)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-46661 | Med | 5.5 | >= 10.2.0, < 10.2.43 | 10.2.43 | Feb 1, 2022 | MariaDB through 10.5.9 allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE). | |
| CVE-2021-46659 | Med | 5.5 | >= 5.5.0, < 10.2.42 | 10.2.42 | Jan 29, 2022 | MariaDB before 10.7.2 allows an application crash because it does not recognize that SELECT_LEX::nest_level is local to each VIEW. | |
| CVE-2021-46658 | Med | 5.5 | >= 10.2.0, < 10.2.40 | 10.2.40 | Jan 29, 2022 | save_window_function_values in MariaDB before 10.6.3 allows an application crash because of incorrect handling of with_window_func=true for a subquery. | |
| CVE-2021-46657 | Med | 5.5 | >= 10.0.0, < 10.2.39 | 10.2.39 | Jan 29, 2022 | get_sort_by_table in MariaDB before 10.6.2 allows an application crash via certain subquery uses of ORDER BY. | |
| CVE-2021-35604 | Med | 5.5 | >= 10.2.0, < 10.2.41 | 10.2.41 | Oct 20, 2021 | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.35 and prior and 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise | |
| CVE-2021-2389 | Med | 5.9 | >= 10.2.0, < 10.2.40 | 10.2.40 | Jul 21, 2021 | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromi | |
| CVE-2021-2372 | Med | 4.4 | >= 10.2.0, < 10.2.40 | 10.2.40 | Jul 21, 2021 | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromi | |
| CVE-2020-15180 | Cri | 9.0 | >= 10.1.0, < 10.1.47 | 10.1.47 | May 27, 2021 | A flaw was found in the mysql-wsrep component of mariadb. Lack of input sanitization in `wsrep_sst_method` allows for command injection that can be exploited by a remote attacker to execute arbitrary commands on galera cluster nodes. This threatens the system's confidentiality, i | |
| CVE-2021-2194 | Med | 4.9 | >= 10.2.0, < 10.2.35 | 10.2.35 | Apr 22, 2021 | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise | |
| CVE-2021-2180 | Med | 4.9 | >= 10.2.0, < 10.2.38 | 10.2.38 | Apr 22, 2021 | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise | |
| CVE-2021-2174 | Med | 4.4 | >= 10.2.0, < 10.2.18 | 10.2.18 | Apr 22, 2021 | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromi | |
| CVE-2021-2166 | Med | 4.9 | >= 10.2.0, < 10.2.38 | 10.2.38 | Apr 22, 2021 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compr | |
| CVE-2021-2154 | Med | 4.9 | >= 10.2.0, < 10.2.38 | 10.2.38 | Apr 22, 2021 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 5.7.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. S | |
| CVE-2021-2144 | Hig | 7.2 | >= 5.5.0, < 5.5.66 | 5.5.66 | Apr 22, 2021 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to co | |
| CVE-2021-27928 | Hig | 7.2 | >= 10.2.0, < 10.2.37 | 10.2.37 | Mar 19, 2021 | A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18, and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep patch through 2021-03-03 for MySQL. An untrusted search path leads to eval injection, in | |
| CVE-2021-2032 | Med | 4.3 | >= 10.0.0, < 10.0.11 | 10.0.11 | Jan 20, 2021 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Information Schema). Supported versions that are affected are 5.7.32 and prior and 8.0.22 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to | |
| CVE-2021-2022 | Med | 4.4 | >= 10.1.0, < 10.1.46 | 10.1.46 | Jan 20, 2021 | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.6.50 and prior, 5.7.32 and prior and 8.0.22 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple pro | |
| CVE-2021-2011 | Med | 5.9 | >= 5.5.0, < 5.5.61 | 5.5.61 | Jan 20, 2021 | Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.7.32 and prior and 8.0.22 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromis | |
| CVE-2021-2007 | Low | 3.7 | >= 5.5.0, < 5.5.65 | 5.5.65 | Jan 20, 2021 | Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple prot | |
| CVE-2020-28912 | Hig | 7.0 | < 10.1.48 | 10.1.48 | Dec 24, 2020 | With MariaDB running on Windows, when local clients connect to the server over named pipes, it's possible for an unprivileged user with an ability to run code on the server machine to intercept the named pipe connection and act as a man-in-the-middle, gaining access to all the da |
- affected >= 10.2.0, < 10.2.43fixed 10.2.43
MariaDB through 10.5.9 allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE).
- affected >= 5.5.0, < 10.2.42fixed 10.2.42
MariaDB before 10.7.2 allows an application crash because it does not recognize that SELECT_LEX::nest_level is local to each VIEW.
- affected >= 10.2.0, < 10.2.40fixed 10.2.40
save_window_function_values in MariaDB before 10.6.3 allows an application crash because of incorrect handling of with_window_func=true for a subquery.
- affected >= 10.0.0, < 10.2.39fixed 10.2.39
get_sort_by_table in MariaDB before 10.6.2 allows an application crash via certain subquery uses of ORDER BY.
- affected >= 10.2.0, < 10.2.41fixed 10.2.41
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.35 and prior and 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise
- affected >= 10.2.0, < 10.2.40fixed 10.2.40
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromi
- affected >= 10.2.0, < 10.2.40fixed 10.2.40
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromi
- affected >= 10.1.0, < 10.1.47fixed 10.1.47
A flaw was found in the mysql-wsrep component of mariadb. Lack of input sanitization in `wsrep_sst_method` allows for command injection that can be exploited by a remote attacker to execute arbitrary commands on galera cluster nodes. This threatens the system's confidentiality, i
- affected >= 10.2.0, < 10.2.35fixed 10.2.35
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise
- affected >= 10.2.0, < 10.2.38fixed 10.2.38
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise
- affected >= 10.2.0, < 10.2.18fixed 10.2.18
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromi
- affected >= 10.2.0, < 10.2.38fixed 10.2.38
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compr
- affected >= 10.2.0, < 10.2.38fixed 10.2.38
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 5.7.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. S
- affected >= 5.5.0, < 5.5.66fixed 5.5.66
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to co
- affected >= 10.2.0, < 10.2.37fixed 10.2.37
A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18, and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep patch through 2021-03-03 for MySQL. An untrusted search path leads to eval injection, in
- affected >= 10.0.0, < 10.0.11fixed 10.0.11
Vulnerability in the MySQL Server product of Oracle MySQL (component: Information Schema). Supported versions that are affected are 5.7.32 and prior and 8.0.22 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to
- affected >= 10.1.0, < 10.1.46fixed 10.1.46
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.6.50 and prior, 5.7.32 and prior and 8.0.22 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple pro
- affected >= 5.5.0, < 5.5.61fixed 5.5.61
Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.7.32 and prior and 8.0.22 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromis
- affected >= 5.5.0, < 5.5.65fixed 5.5.65
Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple prot
- affected < 10.1.48fixed 10.1.48
With MariaDB running on Windows, when local clients connect to the server over named pipes, it's possible for an unprivileged user with an ability to run code on the server machine to intercept the named pipe connection and act as a man-in-the-middle, gaining access to all the da
Page 5 of 6