rpm package
opensuse/mariadb&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/mariadb&distro=openSUSE%20Tumbleweed
Vulnerabilities (125)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-27928 | — | < 10.6.5-3.1 | 10.6.5-3.1 | Mar 19, 2021 | A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18, and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep patch through 2021-03-03 for MySQL. An untrusted search path leads to eval injection, in | ||
| CVE-2020-14812 | — | < 10.6.4-2.1 | 10.6.4-2.1 | Oct 21, 2020 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Locking). Supported versions that are affected are 5.6.49 and prior, 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multi | ||
| CVE-2020-14789 | — | < 10.6.4-2.1 | 10.6.4-2.1 | Oct 21, 2020 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compr | ||
| CVE-2020-13249 | — | < 10.6.4-2.1 | 10.6.4-2.1 | May 20, 2020 | libmariadb/mariadb_lib.c in MariaDB Connector/C before 3.1.8 does not properly validate the content of an OK packet received from a server. NOTE: although mariadb_lib.c was originally based on code shipped for MySQL, this issue does not affect any MySQL components supported by Or | ||
| CVE-2020-2752 | — | < 10.6.4-2.1 | 10.6.4-2.1 | Apr 15, 2020 | Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.47 and prior, 5.7.27 and prior and 8.0.17 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple proto | ||
| CVE-2019-18901 | — | < 10.6.4-2.1 | 10.6.4-2.1 | Mar 2, 2020 | A UNIX Symbolic Link (Symlink) Following vulnerability in the mysql-systemd-helper of the mariadb packaging of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15 allows local attackers to change the permissions of arbitrary files to 0640. This issue affects: SUSE Li | ||
| CVE-2020-7221 | — | < 10.6.4-2.1 | 10.6.4-2.1 | Feb 4, 2020 | mysql_install_db in MariaDB 10.4.7 through 10.4.11 allows privilege escalation from the mysql user account to root because chown and chmod are performed unsafely, as demonstrated by a symlink attack on a chmod 04755 of auth_pam_tool_dir/auth_pam_tool. NOTE: this does not affect t | ||
| CVE-2020-2574 | — | < 10.6.4-2.1 | 10.6.4-2.1 | Jan 15, 2020 | Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.46 and prior, 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple prot | ||
| CVE-2019-2974 | — | < 10.6.4-2.1 | 10.6.4-2.1 | Oct 16, 2019 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.45 and prior, 5.7.27 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via mult | ||
| CVE-2019-2805 | — | < 10.6.4-2.1 | 10.6.4-2.1 | Jul 23, 2019 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via mu | ||
| CVE-2019-2758 | — | < 10.6.4-2.1 | 10.6.4-2.1 | Jul 23, 2019 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compr | ||
| CVE-2019-2614 | — | < 10.6.4-2.1 | 10.6.4-2.1 | Apr 23, 2019 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Difficult to exploit vulnerability allows high privileged attacker with network acces | ||
| CVE-2019-2510 | — | < 10.6.4-2.1 | 10.6.4-2.1 | Jan 16, 2019 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compr | ||
| CVE-2019-2503 | — | < 10.6.4-2.1 | 10.6.4-2.1 | Jan 16, 2019 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Connection Handling). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Difficult to exploit vulnerability allows low privileged attacker with access | ||
| CVE-2018-3282 | — | < 10.6.4-2.1 | 10.6.4-2.1 | Oct 17, 2018 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Storage Engines). Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacke | ||
| CVE-2018-3200 | — | < 10.6.4-2.1 | 10.6.4-2.1 | Oct 17, 2018 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compr | ||
| CVE-2018-3185 | — | < 10.6.4-2.1 | 10.6.4-2.1 | Oct 17, 2018 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compr | ||
| CVE-2018-3174 | — | < 10.6.4-2.1 | 10.6.4-2.1 | Oct 17, 2018 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Difficult to exploit vulnerability allows high privileged attacker with | ||
| CVE-2018-3162 | — | < 10.6.4-2.1 | 10.6.4-2.1 | Oct 17, 2018 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compr | ||
| CVE-2018-3156 | — | < 10.6.4-2.1 | 10.6.4-2.1 | Oct 17, 2018 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple p |
- CVE-2021-27928Mar 19, 2021affected < 10.6.5-3.1fixed 10.6.5-3.1
A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18, and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep patch through 2021-03-03 for MySQL. An untrusted search path leads to eval injection, in
- CVE-2020-14812Oct 21, 2020affected < 10.6.4-2.1fixed 10.6.4-2.1
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Locking). Supported versions that are affected are 5.6.49 and prior, 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multi
- CVE-2020-14789Oct 21, 2020affected < 10.6.4-2.1fixed 10.6.4-2.1
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compr
- CVE-2020-13249May 20, 2020affected < 10.6.4-2.1fixed 10.6.4-2.1
libmariadb/mariadb_lib.c in MariaDB Connector/C before 3.1.8 does not properly validate the content of an OK packet received from a server. NOTE: although mariadb_lib.c was originally based on code shipped for MySQL, this issue does not affect any MySQL components supported by Or
- CVE-2020-2752Apr 15, 2020affected < 10.6.4-2.1fixed 10.6.4-2.1
Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.47 and prior, 5.7.27 and prior and 8.0.17 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple proto
- CVE-2019-18901Mar 2, 2020affected < 10.6.4-2.1fixed 10.6.4-2.1
A UNIX Symbolic Link (Symlink) Following vulnerability in the mysql-systemd-helper of the mariadb packaging of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15 allows local attackers to change the permissions of arbitrary files to 0640. This issue affects: SUSE Li
- CVE-2020-7221Feb 4, 2020affected < 10.6.4-2.1fixed 10.6.4-2.1
mysql_install_db in MariaDB 10.4.7 through 10.4.11 allows privilege escalation from the mysql user account to root because chown and chmod are performed unsafely, as demonstrated by a symlink attack on a chmod 04755 of auth_pam_tool_dir/auth_pam_tool. NOTE: this does not affect t
- CVE-2020-2574Jan 15, 2020affected < 10.6.4-2.1fixed 10.6.4-2.1
Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.46 and prior, 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple prot
- CVE-2019-2974Oct 16, 2019affected < 10.6.4-2.1fixed 10.6.4-2.1
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.45 and prior, 5.7.27 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via mult
- CVE-2019-2805Jul 23, 2019affected < 10.6.4-2.1fixed 10.6.4-2.1
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via mu
- CVE-2019-2758Jul 23, 2019affected < 10.6.4-2.1fixed 10.6.4-2.1
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compr
- CVE-2019-2614Apr 23, 2019affected < 10.6.4-2.1fixed 10.6.4-2.1
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Difficult to exploit vulnerability allows high privileged attacker with network acces
- CVE-2019-2510Jan 16, 2019affected < 10.6.4-2.1fixed 10.6.4-2.1
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compr
- CVE-2019-2503Jan 16, 2019affected < 10.6.4-2.1fixed 10.6.4-2.1
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Connection Handling). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Difficult to exploit vulnerability allows low privileged attacker with access
- CVE-2018-3282Oct 17, 2018affected < 10.6.4-2.1fixed 10.6.4-2.1
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Storage Engines). Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacke
- CVE-2018-3200Oct 17, 2018affected < 10.6.4-2.1fixed 10.6.4-2.1
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compr
- CVE-2018-3185Oct 17, 2018affected < 10.6.4-2.1fixed 10.6.4-2.1
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compr
- CVE-2018-3174Oct 17, 2018affected < 10.6.4-2.1fixed 10.6.4-2.1
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Difficult to exploit vulnerability allows high privileged attacker with
- CVE-2018-3162Oct 17, 2018affected < 10.6.4-2.1fixed 10.6.4-2.1
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compr
- CVE-2018-3156Oct 17, 2018affected < 10.6.4-2.1fixed 10.6.4-2.1
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple p
Page 3 of 7