rpm package
opensuse/mariadb&distro=openSUSE Leap 15.6
pkg:rpm/opensuse/mariadb&distro=openSUSE%20Leap%2015.6
Vulnerabilities (8)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-13699 | Hig | 7.0 | < 10.11.15-150600.4.17.1 | 10.11.15-150600.4.17.1 | Dec 23, 2025 | MariaDB mariadb-dump Utility Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of MariaDB. Interaction with the mariadb-dump utility is required to exploit this vulnerability but | |
| CVE-2025-30722 | — | < 10.11.14-150600.4.14.1 | 10.11.14-150600.4.14.1 | Apr 15, 2025 | Vulnerability in the MySQL Client product of Oracle MySQL (component: Client: mysqldump). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple proto | ||
| CVE-2025-30693 | — | < 10.11.14-150600.4.14.1 | 10.11.14-150600.4.14.1 | Apr 15, 2025 | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to comp | ||
| CVE-2023-52971 | Med | 4.9 | < 10.11.14-150600.4.14.1 | 10.11.14-150600.4.14.1 | Mar 8, 2025 | MariaDB Server 10.10 through 10.11.* and 11.0 through 11.4.* crashes in JOIN::fix_all_splittings_in_plan. | |
| CVE-2023-52970 | Med | 4.9 | < 10.11.14-150600.4.14.1 | 10.11.14-150600.4.14.1 | Mar 8, 2025 | MariaDB Server 10.4 through 10.5.*, 10.6 through 10.6.*, 10.7 through 10.11.*, 11.0 through 11.0.*, and 11.1 through 11.4.* crashes in Item_direct_view_ref::derived_field_transformer_for_where. | |
| CVE-2023-52969 | Med | 4.9 | < 10.11.14-150600.4.14.1 | 10.11.14-150600.4.14.1 | Mar 8, 2025 | MariaDB Server 10.4 through 10.5.*, 10.6 through 10.6.*, 10.7 through 10.11.*, and 11.0 through 11.0.* can sometimes crash with an empty backtrace log. This may be related to make_aggr_tables_info and optimize_stage2. | |
| CVE-2025-21490 | — | < 10.11.11-150600.4.10.1 | 10.11.11-150600.4.10.1 | Jan 21, 2025 | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple proto | ||
| CVE-2024-21096 | — | < 10.11.8-150600.4.3.1 | 10.11.8-150600.4.3.1 | Apr 16, 2024 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Client: mysqldump). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MyS |
- affected < 10.11.15-150600.4.17.1fixed 10.11.15-150600.4.17.1
MariaDB mariadb-dump Utility Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of MariaDB. Interaction with the mariadb-dump utility is required to exploit this vulnerability but
- CVE-2025-30722Apr 15, 2025affected < 10.11.14-150600.4.14.1fixed 10.11.14-150600.4.14.1
Vulnerability in the MySQL Client product of Oracle MySQL (component: Client: mysqldump). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple proto
- CVE-2025-30693Apr 15, 2025affected < 10.11.14-150600.4.14.1fixed 10.11.14-150600.4.14.1
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to comp
- affected < 10.11.14-150600.4.14.1fixed 10.11.14-150600.4.14.1
MariaDB Server 10.10 through 10.11.* and 11.0 through 11.4.* crashes in JOIN::fix_all_splittings_in_plan.
- affected < 10.11.14-150600.4.14.1fixed 10.11.14-150600.4.14.1
MariaDB Server 10.4 through 10.5.*, 10.6 through 10.6.*, 10.7 through 10.11.*, 11.0 through 11.0.*, and 11.1 through 11.4.* crashes in Item_direct_view_ref::derived_field_transformer_for_where.
- affected < 10.11.14-150600.4.14.1fixed 10.11.14-150600.4.14.1
MariaDB Server 10.4 through 10.5.*, 10.6 through 10.6.*, 10.7 through 10.11.*, and 11.0 through 11.0.* can sometimes crash with an empty backtrace log. This may be related to make_aggr_tables_info and optimize_stage2.
- CVE-2025-21490Jan 21, 2025affected < 10.11.11-150600.4.10.1fixed 10.11.11-150600.4.10.1
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple proto
- CVE-2024-21096Apr 16, 2024affected < 10.11.8-150600.4.3.1fixed 10.11.8-150600.4.3.1
Vulnerability in the MySQL Server product of Oracle MySQL (component: Client: mysqldump). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MyS