Bitnami package
mysql-client
pkg:bitnami/mysql-client
Vulnerabilities (113)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-46669 | — | < 10.2.44 | 10.2.44 | Feb 1, 2022 | MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used. | ||
| CVE-2021-46657 | — | >= 10.0.0, < 10.2.39 | 10.2.39 | Jan 29, 2022 | get_sort_by_table in MariaDB before 10.6.2 allows an application crash via certain subquery uses of ORDER BY. | ||
| CVE-2021-46658 | — | >= 10.2.0, < 10.2.40 | 10.2.40 | Jan 29, 2022 | save_window_function_values in MariaDB before 10.6.3 allows an application crash because of incorrect handling of with_window_func=true for a subquery. | ||
| CVE-2021-46659 | — | >= 5.5.0, < 10.2.42 | 10.2.42 | Jan 29, 2022 | MariaDB before 10.7.2 allows an application crash because it does not recognize that SELECT_LEX::nest_level is local to each VIEW. | ||
| CVE-2021-35604 | — | >= 10.2.0, < 10.2.41 | 10.2.41 | Oct 20, 2021 | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.35 and prior and 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise | ||
| CVE-2021-2389 | — | >= 10.2.0, < 10.2.40 | 10.2.40 | Jul 20, 2021 | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromi | ||
| CVE-2021-2372 | — | >= 10.2.0, < 10.2.40 | 10.2.40 | Jul 20, 2021 | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromi | ||
| CVE-2020-15180 | — | >= 10.1.0, < 10.1.47 | 10.1.47 | May 27, 2021 | A flaw was found in the mysql-wsrep component of mariadb. Lack of input sanitization in `wsrep_sst_method` allows for command injection that can be exploited by a remote attacker to execute arbitrary commands on galera cluster nodes. This threatens the system's confidentiality, i | ||
| CVE-2021-2194 | — | >= 10.2.0, < 10.2.35 | 10.2.35 | Apr 22, 2021 | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise | ||
| CVE-2021-2180 | — | >= 10.2.0, < 10.2.38 | 10.2.38 | Apr 22, 2021 | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise | ||
| CVE-2021-2174 | — | >= 10.2.0, < 10.2.18 | 10.2.18 | Apr 22, 2021 | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromi | ||
| CVE-2021-2166 | — | >= 10.2.0, < 10.2.38 | 10.2.38 | Apr 22, 2021 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compr | ||
| CVE-2021-2154 | — | >= 10.2.0, < 10.2.38 | 10.2.38 | Apr 22, 2021 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 5.7.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. S | ||
| CVE-2021-2144 | — | >= 5.5.0, < 5.5.66 | 5.5.66 | Apr 22, 2021 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to co | ||
| CVE-2021-27928 | — | >= 10.2.0, < 10.2.37 | 10.2.37 | Mar 19, 2021 | A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18, and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep patch through 2021-03-03 for MySQL. An untrusted search path leads to eval injection, in | ||
| CVE-2021-2032 | — | >= 10.0.0, < 10.0.11 | 10.0.11 | Jan 20, 2021 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Information Schema). Supported versions that are affected are 5.7.32 and prior and 8.0.22 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to | ||
| CVE-2021-2022 | — | >= 10.1.0, < 10.1.46 | 10.1.46 | Jan 20, 2021 | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.6.50 and prior, 5.7.32 and prior and 8.0.22 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple pro | ||
| CVE-2021-2011 | — | >= 5.5.0, < 5.5.61 | 5.5.61 | Jan 20, 2021 | Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.7.32 and prior and 8.0.22 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromis | ||
| CVE-2021-2007 | — | >= 5.5.0, < 5.5.65 | 5.5.65 | Jan 20, 2021 | Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple prot | ||
| CVE-2020-28912 | — | < 10.1.48 | 10.1.48 | Dec 24, 2020 | With MariaDB running on Windows, when local clients connect to the server over named pipes, it's possible for an unprivileged user with an ability to run code on the server machine to intercept the named pipe connection and act as a man-in-the-middle, gaining access to all the da |
- CVE-2021-46669Feb 1, 2022affected < 10.2.44fixed 10.2.44
MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used.
- CVE-2021-46657Jan 29, 2022affected >= 10.0.0, < 10.2.39fixed 10.2.39
get_sort_by_table in MariaDB before 10.6.2 allows an application crash via certain subquery uses of ORDER BY.
- CVE-2021-46658Jan 29, 2022affected >= 10.2.0, < 10.2.40fixed 10.2.40
save_window_function_values in MariaDB before 10.6.3 allows an application crash because of incorrect handling of with_window_func=true for a subquery.
- CVE-2021-46659Jan 29, 2022affected >= 5.5.0, < 10.2.42fixed 10.2.42
MariaDB before 10.7.2 allows an application crash because it does not recognize that SELECT_LEX::nest_level is local to each VIEW.
- CVE-2021-35604Oct 20, 2021affected >= 10.2.0, < 10.2.41fixed 10.2.41
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.35 and prior and 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise
- CVE-2021-2389Jul 20, 2021affected >= 10.2.0, < 10.2.40fixed 10.2.40
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromi
- CVE-2021-2372Jul 20, 2021affected >= 10.2.0, < 10.2.40fixed 10.2.40
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromi
- CVE-2020-15180May 27, 2021affected >= 10.1.0, < 10.1.47fixed 10.1.47
A flaw was found in the mysql-wsrep component of mariadb. Lack of input sanitization in `wsrep_sst_method` allows for command injection that can be exploited by a remote attacker to execute arbitrary commands on galera cluster nodes. This threatens the system's confidentiality, i
- CVE-2021-2194Apr 22, 2021affected >= 10.2.0, < 10.2.35fixed 10.2.35
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise
- CVE-2021-2180Apr 22, 2021affected >= 10.2.0, < 10.2.38fixed 10.2.38
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise
- CVE-2021-2174Apr 22, 2021affected >= 10.2.0, < 10.2.18fixed 10.2.18
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromi
- CVE-2021-2166Apr 22, 2021affected >= 10.2.0, < 10.2.38fixed 10.2.38
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compr
- CVE-2021-2154Apr 22, 2021affected >= 10.2.0, < 10.2.38fixed 10.2.38
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 5.7.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. S
- CVE-2021-2144Apr 22, 2021affected >= 5.5.0, < 5.5.66fixed 5.5.66
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to co
- CVE-2021-27928Mar 19, 2021affected >= 10.2.0, < 10.2.37fixed 10.2.37
A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18, and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep patch through 2021-03-03 for MySQL. An untrusted search path leads to eval injection, in
- CVE-2021-2032Jan 20, 2021affected >= 10.0.0, < 10.0.11fixed 10.0.11
Vulnerability in the MySQL Server product of Oracle MySQL (component: Information Schema). Supported versions that are affected are 5.7.32 and prior and 8.0.22 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to
- CVE-2021-2022Jan 20, 2021affected >= 10.1.0, < 10.1.46fixed 10.1.46
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.6.50 and prior, 5.7.32 and prior and 8.0.22 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple pro
- CVE-2021-2011Jan 20, 2021affected >= 5.5.0, < 5.5.61fixed 5.5.61
Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.7.32 and prior and 8.0.22 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromis
- CVE-2021-2007Jan 20, 2021affected >= 5.5.0, < 5.5.65fixed 5.5.65
Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple prot
- CVE-2020-28912Dec 24, 2020affected < 10.1.48fixed 10.1.48
With MariaDB running on Windows, when local clients connect to the server over named pipes, it's possible for an unprivileged user with an ability to run code on the server machine to intercept the named pipe connection and act as a man-in-the-middle, gaining access to all the da
Page 5 of 6