rpm package
almalinux/Judy
pkg:rpm/almalinux/Judy
Vulnerabilities (94)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-46661 | Med | 5.5 | < 1.0.5-18.module_el8.6.0+3072+3c630e87 | 1.0.5-18.module_el8.6.0+3072+3c630e87 | Feb 1, 2022 | MariaDB through 10.5.9 allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE). | |
| CVE-2021-46659 | Med | 5.5 | < 1.0.5-18.module_el8.6.0+3072+3c630e87 | 1.0.5-18.module_el8.6.0+3072+3c630e87 | Jan 29, 2022 | MariaDB before 10.7.2 allows an application crash because it does not recognize that SELECT_LEX::nest_level is local to each VIEW. | |
| CVE-2021-46658 | Med | 5.5 | < 1.0.5-18.module_el8.6.0+2867+72759d2f | 1.0.5-18.module_el8.6.0+2867+72759d2f | Jan 29, 2022 | save_window_function_values in MariaDB before 10.6.3 allows an application crash because of incorrect handling of with_window_func=true for a subquery. | |
| CVE-2021-46657 | Med | 5.5 | < 1.0.5-18.module_el8.6.0+2867+72759d2f | 1.0.5-18.module_el8.6.0+2867+72759d2f | Jan 29, 2022 | get_sort_by_table in MariaDB before 10.6.2 allows an application crash via certain subquery uses of ORDER BY. | |
| CVE-2021-35604 | Med | 5.5 | < 1.0.5-18.module_el8.6.0+2867+72759d2f | 1.0.5-18.module_el8.6.0+2867+72759d2f | Oct 20, 2021 | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.35 and prior and 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise | |
| CVE-2021-2389 | Med | 5.9 | < 1.0.5-18.module_el8.6.0+2867+72759d2f | 1.0.5-18.module_el8.6.0+2867+72759d2f | Jul 21, 2021 | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromi | |
| CVE-2021-2372 | Med | 4.4 | < 1.0.5-18.module_el8.6.0+2867+72759d2f | 1.0.5-18.module_el8.6.0+2867+72759d2f | Jul 21, 2021 | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromi | |
| CVE-2020-15180 | Cri | 9.0 | < 1.0.5-18.module_el8.6.0+2867+72759d2f | 1.0.5-18.module_el8.6.0+2867+72759d2f | May 27, 2021 | A flaw was found in the mysql-wsrep component of mariadb. Lack of input sanitization in `wsrep_sst_method` allows for command injection that can be exploited by a remote attacker to execute arbitrary commands on galera cluster nodes. This threatens the system's confidentiality, i | |
| CVE-2021-2166 | Med | 4.9 | < 1.0.5-18.module_el8.6.0+2867+72759d2f | 1.0.5-18.module_el8.6.0+2867+72759d2f | Apr 22, 2021 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compr | |
| CVE-2021-2154 | Med | 4.9 | < 1.0.5-18.module_el8.6.0+2867+72759d2f | 1.0.5-18.module_el8.6.0+2867+72759d2f | Apr 22, 2021 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 5.7.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. S | |
| CVE-2021-27928 | Hig | 7.2 | < 1.0.5-18.module_el8.6.0+2867+72759d2f | 1.0.5-18.module_el8.6.0+2867+72759d2f | Mar 19, 2021 | A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18, and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep patch through 2021-03-03 for MySQL. An untrusted search path leads to eval injection, in | |
| CVE-2020-14812 | Med | 4.9 | < 1.0.5-18.module_el8.6.0+2867+72759d2f | 1.0.5-18.module_el8.6.0+2867+72759d2f | Oct 21, 2020 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Locking). Supported versions that are affected are 5.6.49 and prior, 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multi | |
| CVE-2020-14789 | Med | 4.9 | < 1.0.5-18.module_el8.6.0+2867+72759d2f | 1.0.5-18.module_el8.6.0+2867+72759d2f | Oct 21, 2020 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compr | |
| CVE-2020-14776 | Med | 4.9 | < 1.0.5-18.module_el8.6.0+2867+72759d2f | 1.0.5-18.module_el8.6.0+2867+72759d2f | Oct 21, 2020 | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise | |
| CVE-2020-14765 | Med | 6.5 | < 1.0.5-18.module_el8.6.0+2867+72759d2f | 1.0.5-18.module_el8.6.0+2867+72759d2f | Oct 21, 2020 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 5.6.49 and prior, 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple p | |
| CVE-2020-13249 | Hig | 8.8 | < 1.0.5-18.module_el8.6.0+2867+72759d2f | 1.0.5-18.module_el8.6.0+2867+72759d2f | May 20, 2020 | libmariadb/mariadb_lib.c in MariaDB Connector/C before 3.1.8 does not properly validate the content of an OK packet received from a server. NOTE: although mariadb_lib.c was originally based on code shipped for MySQL, this issue does not affect any MySQL components supported by Or | |
| CVE-2020-2814 | Med | 4.9 | < 1.0.5-18.module_el8.6.0+2867+72759d2f | 1.0.5-18.module_el8.6.0+2867+72759d2f | Apr 15, 2020 | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.6.47 and prior, 5.7.28 and prior and 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple proto | |
| CVE-2020-2812 | Med | 4.9 | < 1.0.5-18.module_el8.6.0+2867+72759d2f | 1.0.5-18.module_el8.6.0+2867+72759d2f | Apr 15, 2020 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access | |
| CVE-2020-2780 | Med | 6.5 | < 1.0.5-18.module_el8.6.0+2867+72759d2f | 1.0.5-18.module_el8.6.0+2867+72759d2f | Apr 15, 2020 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple p | |
| CVE-2020-2760 | Med | 5.5 | < 1.0.5-18.module_el8.6.0+2867+72759d2f | 1.0.5-18.module_el8.6.0+2867+72759d2f | Apr 15, 2020 | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise |
- affected < 1.0.5-18.module_el8.6.0+3072+3c630e87fixed 1.0.5-18.module_el8.6.0+3072+3c630e87
MariaDB through 10.5.9 allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE).
- affected < 1.0.5-18.module_el8.6.0+3072+3c630e87fixed 1.0.5-18.module_el8.6.0+3072+3c630e87
MariaDB before 10.7.2 allows an application crash because it does not recognize that SELECT_LEX::nest_level is local to each VIEW.
- affected < 1.0.5-18.module_el8.6.0+2867+72759d2ffixed 1.0.5-18.module_el8.6.0+2867+72759d2f
save_window_function_values in MariaDB before 10.6.3 allows an application crash because of incorrect handling of with_window_func=true for a subquery.
- affected < 1.0.5-18.module_el8.6.0+2867+72759d2ffixed 1.0.5-18.module_el8.6.0+2867+72759d2f
get_sort_by_table in MariaDB before 10.6.2 allows an application crash via certain subquery uses of ORDER BY.
- affected < 1.0.5-18.module_el8.6.0+2867+72759d2ffixed 1.0.5-18.module_el8.6.0+2867+72759d2f
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.35 and prior and 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise
- affected < 1.0.5-18.module_el8.6.0+2867+72759d2ffixed 1.0.5-18.module_el8.6.0+2867+72759d2f
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromi
- affected < 1.0.5-18.module_el8.6.0+2867+72759d2ffixed 1.0.5-18.module_el8.6.0+2867+72759d2f
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromi
- affected < 1.0.5-18.module_el8.6.0+2867+72759d2ffixed 1.0.5-18.module_el8.6.0+2867+72759d2f
A flaw was found in the mysql-wsrep component of mariadb. Lack of input sanitization in `wsrep_sst_method` allows for command injection that can be exploited by a remote attacker to execute arbitrary commands on galera cluster nodes. This threatens the system's confidentiality, i
- affected < 1.0.5-18.module_el8.6.0+2867+72759d2ffixed 1.0.5-18.module_el8.6.0+2867+72759d2f
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compr
- affected < 1.0.5-18.module_el8.6.0+2867+72759d2ffixed 1.0.5-18.module_el8.6.0+2867+72759d2f
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 5.7.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. S
- affected < 1.0.5-18.module_el8.6.0+2867+72759d2ffixed 1.0.5-18.module_el8.6.0+2867+72759d2f
A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18, and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep patch through 2021-03-03 for MySQL. An untrusted search path leads to eval injection, in
- affected < 1.0.5-18.module_el8.6.0+2867+72759d2ffixed 1.0.5-18.module_el8.6.0+2867+72759d2f
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Locking). Supported versions that are affected are 5.6.49 and prior, 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multi
- affected < 1.0.5-18.module_el8.6.0+2867+72759d2ffixed 1.0.5-18.module_el8.6.0+2867+72759d2f
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compr
- affected < 1.0.5-18.module_el8.6.0+2867+72759d2ffixed 1.0.5-18.module_el8.6.0+2867+72759d2f
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise
- affected < 1.0.5-18.module_el8.6.0+2867+72759d2ffixed 1.0.5-18.module_el8.6.0+2867+72759d2f
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 5.6.49 and prior, 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple p
- affected < 1.0.5-18.module_el8.6.0+2867+72759d2ffixed 1.0.5-18.module_el8.6.0+2867+72759d2f
libmariadb/mariadb_lib.c in MariaDB Connector/C before 3.1.8 does not properly validate the content of an OK packet received from a server. NOTE: although mariadb_lib.c was originally based on code shipped for MySQL, this issue does not affect any MySQL components supported by Or
- affected < 1.0.5-18.module_el8.6.0+2867+72759d2ffixed 1.0.5-18.module_el8.6.0+2867+72759d2f
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.6.47 and prior, 5.7.28 and prior and 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple proto
- affected < 1.0.5-18.module_el8.6.0+2867+72759d2ffixed 1.0.5-18.module_el8.6.0+2867+72759d2f
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access
- affected < 1.0.5-18.module_el8.6.0+2867+72759d2ffixed 1.0.5-18.module_el8.6.0+2867+72759d2f
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple p
- affected < 1.0.5-18.module_el8.6.0+2867+72759d2ffixed 1.0.5-18.module_el8.6.0+2867+72759d2f
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise
Page 4 of 5