VYPR

Bitnami package

mysql-client

pkg:bitnami/mysql-client

Vulnerabilities (113)

  • CVE-2026-48165HigJun 12, 2026
    affected >= 10.6.1, < 10.6.27fixed 10.6.27

    MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.27, 10.11.1 to before 10.11.18, 11.4.1 to before 11.4.12, 11.8.1 to before 11.8.8, and 12.3.1, a high-privileged MariaDB user could've used wsrep_sst_receive_address or wsrep_sst_don

  • CVE-2026-48163HigJun 12, 2026
    affected >= 10.6.1, < 10.6.27fixed 10.6.27

    MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.27, 10.11.1 to before 10.11.18, 11.4.1 to before 11.4.12, 11.8.1 to before 11.8.8, and 12.3.1, during the SST the donor node is interpolating parameters that the joiner sent into the

  • CVE-2026-44173MedJun 12, 2026
    affected >= 10.6.1, < 10.6.26fixed 10.6.26

    MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, MariaDB allowed SELECT ... INTO OUTFILE and SELECT ... INTO DUMPFILE without verifying

  • CVE-2026-44172CriJun 12, 2026
    affected >= 3.3.18, < 10.6.17fixed 10.6.17

    MariaDB server is a community developed fork of MySQL server. In versions 3.3.18 and 3.4.8, an application that was taking non-validated user input, escaping it with mysql_real_escape_string() and sending it to the database using text protocol and big5 character set was vulnerabl

  • CVE-2026-44171MedJun 12, 2026
    affected >= 10.6.1, < 10.6.26fixed 10.6.26

    MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, mbstream did not check for /../ in the path when unpacking the archive. A proper backup

  • CVE-2026-44170CriJun 12, 2026
    affected >= 10.6.1, < 10.6.26fixed 10.6.26

    MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, MariaDB on WIndows with installed CONNECT engine and enabled REST support interpolated

  • CVE-2026-44169MedJun 12, 2026
    affected >= 11.4.1, < 11.4.11fixed 11.4.11

    MariaDB server is a community developed fork of MySQL server. From versions 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, a user getting EXECUTE access to a stored routine via a role, could see the routine definition even without SHOW CREATE ROUTINE privilege. Th

  • CVE-2026-44168HigJun 12, 2026
    affected >= 10.6.1, < 10.6.26fixed 10.6.26

    MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, during the SST the donor node is interpolating parameters that the joiner sent into the

  • CVE-2026-49261CriJun 11, 2026
    affected >= 10.6.1, < 10.6.27fixed 10.6.27

    MariaDB server is a community developed fork of MySQL server. Versions 10.6.1 through 10.6.26, 10.11.1 through 10.11.17, 11.4.1 through 11.4.11, 11.8.1 through 11.8.7, and 12.3.1 with `wsrep_notify_cmd` enabled would execute shell commands embedded in the name of the joiner node

  • CVE-2026-35549MedApr 3, 2026
    affected < 11.4.10fixed 11.4.10

    An issue was discovered in MariaDB Server before 11.4.10, 11.5.x through 11.8.x before 11.8.6, and 12.x before 12.2.2. If the caching_sha2_password authentication plugin is installed, and some user accounts are configured to use it, a large packet can crash the server because sha

  • CVE-2026-32710HigMar 20, 2026
    affected >= 11.4.1, < 11.4.10fixed 11.4.10

    MariaDB server is a community developed fork of MySQL server. An authenticated user can crash MariaDB versions 11.4 before 11.4.10 and 11.8 before 11.8.6 via a bug in JSON_SCHEMA_VALID() function. Under certain conditions it might be possible to turn the crash into a remote code

  • CVE-2026-3494Mar 3, 2026
    affected < 10.6.25fixed 10.6.25

    In MariaDB server version through 11.8.5, when server audit plugin is enabled with server_audit_events variable configured with QUERY_DCL, QUERY_DDL, or QUERY_DML filtering, if an authenticated database user invokes a SQL statement prefixed with double-hyphen (—) or hash (#) styl

  • CVE-2025-30722Apr 15, 2025
    affected < 10.6.22fixed 10.6.22

    Vulnerability in the MySQL Client product of Oracle MySQL (component: Client: mysqldump). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple proto

  • CVE-2025-30693Apr 15, 2025
    affected < 10.6.22fixed 10.6.22

    Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to comp

  • CVE-2023-52971MedMar 8, 2025
    affected >= 10.10.0, < 10.11.12fixed 10.11.12

    MariaDB Server 10.10 through 10.11.* and 11.0 through 11.4.* crashes in JOIN::fix_all_splittings_in_plan.

  • CVE-2023-52970MedMar 8, 2025
    affected < 10.5.29fixed 10.5.29

    MariaDB Server 10.4 through 10.5.*, 10.6 through 10.6.*, 10.7 through 10.11.*, 11.0 through 11.0.*, and 11.1 through 11.4.* crashes in Item_direct_view_ref::derived_field_transformer_for_where.

  • CVE-2023-52969MedMar 8, 2025
    affected < 10.5.29fixed 10.5.29

    MariaDB Server 10.4 through 10.5.*, 10.6 through 10.6.*, 10.7 through 10.11.*, and 11.0 through 11.0.* can sometimes crash with an empty backtrace log. This may be related to make_aggr_tables_info and optimize_stage2.

  • CVE-2023-52968MedMar 8, 2025
    affected >= 10.4.0, < 10.4.33fixed 10.4.33

    MariaDB Server 10.4 before 10.4.33, 10.5 before 10.5.24, 10.6 before 10.6.17, 10.7 through 10.11 before 10.11.7, 11.0 before 11.0.5, and 11.1 before 11.1.4 calls fix_fields_if_needed under mysql_derived_prepare when derived is not yet prepared, leading to a find_field_in_table cr

  • CVE-2025-21490Jan 21, 2025
    affected < 10.6.21fixed 10.6.21

    Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple proto

  • CVE-2024-27766Oct 17, 2024
    affected >= 11.1.0, < 11.3.2fixed 11.3.2

    An issue in MariaDB v.11.1 allows a remote attacker to execute arbitrary code via the lib_mysqludf_sys.so function. NOTE: this is disputed by the MariaDB Foundation because no privilege boundary is crossed.

Page 1 of 6