rpm package

suse/mariadb&distro=SUSE Linux Enterprise Server 12 SP4

pkg:rpm/suse/mariadb&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4

Vulnerabilities (31)

CVE	CVSS	Affected versions	Fixed in	Published	Description
CVE-2020-13249	—	< 10.2.32-3.28.2	10.2.32-3.28.2	May 20, 2020	libmariadb/mariadb_lib.c in MariaDB Connector/C before 3.1.8 does not properly validate the content of an OK packet received from a server. NOTE: although mariadb_lib.c was originally based on code shipped for MySQL, this issue does not affect any MySQL components supported by Or
CVE-2020-2814	—	< 10.2.32-3.28.2	10.2.32-3.28.2	Apr 15, 2020	Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.6.47 and prior, 5.7.28 and prior and 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple proto
CVE-2020-2812	—	< 10.2.32-3.28.2	10.2.32-3.28.2	Apr 15, 2020	Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access
CVE-2020-2760	—	< 10.2.32-3.28.2	10.2.32-3.28.2	Apr 15, 2020	Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise
CVE-2020-2752	—	< 10.2.32-3.28.2	10.2.32-3.28.2	Apr 15, 2020	Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.47 and prior, 5.7.27 and prior and 8.0.17 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple proto
CVE-2019-18901	—	< 10.2.31-3.25.1	10.2.31-3.25.1	Mar 2, 2020	A UNIX Symbolic Link (Symlink) Following vulnerability in the mysql-systemd-helper of the mariadb packaging of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15 allows local attackers to change the permissions of arbitrary files to 0640. This issue affects: SUSE Li
CVE-2020-2574	—	< 10.2.31-3.25.1	10.2.31-3.25.1	Jan 15, 2020	Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.46 and prior, 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple prot
CVE-2019-2974	—	< 10.2.29-3.22.1	10.2.29-3.22.1	Oct 16, 2019	Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.45 and prior, 5.7.27 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via mult
CVE-2019-2938	—	< 10.2.29-3.22.1	10.2.29-3.22.1	Oct 16, 2019	Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.27 and prior and 8.0.17 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromi
CVE-2019-2805	—	< 10.2.29-3.22.1	10.2.29-3.22.1	Jul 23, 2019	Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via mu
CVE-2019-2758	—	< 10.2.29-3.22.1	10.2.29-3.22.1	Jul 23, 2019	Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compr
CVE-2019-2740	—	< 10.2.29-3.22.1	10.2.29-3.22.1	Jul 23, 2019	Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: XML). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multi
CVE-2019-2739	—	< 10.2.29-3.22.1	10.2.29-3.22.1	Jul 23, 2019	Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with logon
CVE-2019-2737	—	< 10.2.29-3.22.1	10.2.29-3.22.1	Jul 23, 2019	Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Pluggable Auth). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network acc
CVE-2019-2628	—	< 10.2.25-3.19.2	10.2.25-3.19.2	Apr 23, 2019	Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compr
CVE-2019-2627	—	< 10.2.25-3.19.2	10.2.25-3.19.2	Apr 23, 2019	Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with networ
CVE-2019-2614	—	< 10.2.25-3.19.2	10.2.25-3.19.2	Apr 23, 2019	Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Difficult to exploit vulnerability allows high privileged attacker with network acces
CVE-2019-2537	—	< 10.2.22-3.14.1	10.2.22-3.14.1	Jan 16, 2019	Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via mult
CVE-2019-2510	—	< 10.2.22-3.14.1	10.2.22-3.14.1	Jan 16, 2019	Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compr
CVE-2018-3284	—	< 10.2.21-3.7.1	10.2.21-3.7.1	Oct 17, 2018	Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to com

CVE-2020-13249May 20, 2020
affected < 10.2.32-3.28.2fixed 10.2.32-3.28.2
libmariadb/mariadb_lib.c in MariaDB Connector/C before 3.1.8 does not properly validate the content of an OK packet received from a server. NOTE: although mariadb_lib.c was originally based on code shipped for MySQL, this issue does not affect any MySQL components supported by Or
CVE-2020-2814Apr 15, 2020
affected < 10.2.32-3.28.2fixed 10.2.32-3.28.2
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.6.47 and prior, 5.7.28 and prior and 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple proto
CVE-2020-2812Apr 15, 2020
affected < 10.2.32-3.28.2fixed 10.2.32-3.28.2
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access
CVE-2020-2760Apr 15, 2020
affected < 10.2.32-3.28.2fixed 10.2.32-3.28.2
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise
CVE-2020-2752Apr 15, 2020
affected < 10.2.32-3.28.2fixed 10.2.32-3.28.2
Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.47 and prior, 5.7.27 and prior and 8.0.17 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple proto
CVE-2019-18901Mar 2, 2020
affected < 10.2.31-3.25.1fixed 10.2.31-3.25.1
A UNIX Symbolic Link (Symlink) Following vulnerability in the mysql-systemd-helper of the mariadb packaging of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15 allows local attackers to change the permissions of arbitrary files to 0640. This issue affects: SUSE Li
CVE-2020-2574Jan 15, 2020
affected < 10.2.31-3.25.1fixed 10.2.31-3.25.1
Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.46 and prior, 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple prot
CVE-2019-2974Oct 16, 2019
affected < 10.2.29-3.22.1fixed 10.2.29-3.22.1
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.45 and prior, 5.7.27 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via mult
CVE-2019-2938Oct 16, 2019
affected < 10.2.29-3.22.1fixed 10.2.29-3.22.1
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.27 and prior and 8.0.17 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromi
CVE-2019-2805Jul 23, 2019
affected < 10.2.29-3.22.1fixed 10.2.29-3.22.1
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via mu
CVE-2019-2758Jul 23, 2019
affected < 10.2.29-3.22.1fixed 10.2.29-3.22.1
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compr
CVE-2019-2740Jul 23, 2019
affected < 10.2.29-3.22.1fixed 10.2.29-3.22.1
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: XML). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multi
CVE-2019-2739Jul 23, 2019
affected < 10.2.29-3.22.1fixed 10.2.29-3.22.1
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with logon
CVE-2019-2737Jul 23, 2019
affected < 10.2.29-3.22.1fixed 10.2.29-3.22.1
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Pluggable Auth). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network acc
CVE-2019-2628Apr 23, 2019
affected < 10.2.25-3.19.2fixed 10.2.25-3.19.2
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compr
CVE-2019-2627Apr 23, 2019
affected < 10.2.25-3.19.2fixed 10.2.25-3.19.2
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with networ
CVE-2019-2614Apr 23, 2019
affected < 10.2.25-3.19.2fixed 10.2.25-3.19.2
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Difficult to exploit vulnerability allows high privileged attacker with network acces
CVE-2019-2537Jan 16, 2019
affected < 10.2.22-3.14.1fixed 10.2.22-3.14.1
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via mult
CVE-2019-2510Jan 16, 2019
affected < 10.2.22-3.14.1fixed 10.2.22-3.14.1
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compr
CVE-2018-3284Oct 17, 2018
affected < 10.2.21-3.7.1fixed 10.2.21-3.7.1
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to com

Page 1 of 2