rpm package
suse/python-mysqlclient&distro=SUSE Linux Enterprise Server 15 SP1-LTSS
pkg:rpm/suse/python-mysqlclient&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSS
Vulnerabilities (219)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-46661 | — | < 1.4.6-150100.3.3.7 | 1.4.6-150100.3.3.7 | Feb 1, 2022 | MariaDB through 10.5.9 allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE). | ||
| CVE-2021-46663 | — | < 1.4.6-150100.3.3.7 | 1.4.6-150100.3.3.7 | Feb 1, 2022 | MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements. | ||
| CVE-2021-46664 | — | < 1.4.6-150100.3.3.7 | 1.4.6-150100.3.3.7 | Feb 1, 2022 | MariaDB through 10.5.9 allows an application crash in sub_select_postjoin_aggr for a NULL value of aggr. | ||
| CVE-2021-46665 | — | < 1.4.6-150100.3.3.7 | 1.4.6-150100.3.3.7 | Feb 1, 2022 | MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables expectations. | ||
| CVE-2021-46668 | — | < 1.4.6-150100.3.3.7 | 1.4.6-150100.3.3.7 | Feb 1, 2022 | MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements that improperly interact with storage-engine resource limitations for temporary data structures. | ||
| CVE-2021-46669 | — | < 1.4.6-150100.3.3.7 | 1.4.6-150100.3.3.7 | Feb 1, 2022 | MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used. | ||
| CVE-2021-46657 | — | < 1.4.6-150100.3.3.7 | 1.4.6-150100.3.3.7 | Jan 29, 2022 | get_sort_by_table in MariaDB before 10.6.2 allows an application crash via certain subquery uses of ORDER BY. | ||
| CVE-2021-46658 | — | < 1.4.6-150100.3.3.7 | 1.4.6-150100.3.3.7 | Jan 29, 2022 | save_window_function_values in MariaDB before 10.6.3 allows an application crash because of incorrect handling of with_window_func=true for a subquery. | ||
| CVE-2021-46659 | — | < 1.4.6-150100.3.3.7 | 1.4.6-150100.3.3.7 | Jan 29, 2022 | MariaDB before 10.7.2 allows an application crash because it does not recognize that SELECT_LEX::nest_level is local to each VIEW. | ||
| CVE-2021-35604 | — | < 1.4.6-150100.3.3.7 | 1.4.6-150100.3.3.7 | Oct 20, 2021 | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.35 and prior and 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise | ||
| CVE-2021-2389 | — | < 1.4.6-150100.3.3.7 | 1.4.6-150100.3.3.7 | Jul 20, 2021 | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromi | ||
| CVE-2021-2372 | — | < 1.4.6-150100.3.3.7 | 1.4.6-150100.3.3.7 | Jul 20, 2021 | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromi | ||
| CVE-2020-15180 | — | < 1.4.6-150100.3.3.7 | 1.4.6-150100.3.3.7 | May 27, 2021 | A flaw was found in the mysql-wsrep component of mariadb. Lack of input sanitization in `wsrep_sst_method` allows for command injection that can be exploited by a remote attacker to execute arbitrary commands on galera cluster nodes. This threatens the system's confidentiality, i | ||
| CVE-2021-2166 | — | < 1.4.6-150100.3.3.7 | 1.4.6-150100.3.3.7 | Apr 22, 2021 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compr | ||
| CVE-2021-2154 | — | < 1.4.6-150100.3.3.7 | 1.4.6-150100.3.3.7 | Apr 22, 2021 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 5.7.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. S | ||
| CVE-2021-27928 | — | < 1.4.6-150100.3.3.7 | 1.4.6-150100.3.3.7 | Mar 19, 2021 | A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18, and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep patch through 2021-03-03 for MySQL. An untrusted search path leads to eval injection, in | ||
| CVE-2020-14812 | — | < 1.4.6-150100.3.3.7 | 1.4.6-150100.3.3.7 | Oct 21, 2020 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Locking). Supported versions that are affected are 5.6.49 and prior, 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multi | ||
| CVE-2020-14789 | — | < 1.4.6-150100.3.3.7 | 1.4.6-150100.3.3.7 | Oct 21, 2020 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compr | ||
| CVE-2020-14776 | — | < 1.4.6-150100.3.3.7 | 1.4.6-150100.3.3.7 | Oct 21, 2020 | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise | ||
| CVE-2020-14765 | — | < 1.4.6-150100.3.3.7 | 1.4.6-150100.3.3.7 | Oct 21, 2020 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 5.6.49 and prior, 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple p |
- CVE-2021-46661Feb 1, 2022affected < 1.4.6-150100.3.3.7fixed 1.4.6-150100.3.3.7
MariaDB through 10.5.9 allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE).
- CVE-2021-46663Feb 1, 2022affected < 1.4.6-150100.3.3.7fixed 1.4.6-150100.3.3.7
MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements.
- CVE-2021-46664Feb 1, 2022affected < 1.4.6-150100.3.3.7fixed 1.4.6-150100.3.3.7
MariaDB through 10.5.9 allows an application crash in sub_select_postjoin_aggr for a NULL value of aggr.
- CVE-2021-46665Feb 1, 2022affected < 1.4.6-150100.3.3.7fixed 1.4.6-150100.3.3.7
MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables expectations.
- CVE-2021-46668Feb 1, 2022affected < 1.4.6-150100.3.3.7fixed 1.4.6-150100.3.3.7
MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements that improperly interact with storage-engine resource limitations for temporary data structures.
- CVE-2021-46669Feb 1, 2022affected < 1.4.6-150100.3.3.7fixed 1.4.6-150100.3.3.7
MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used.
- CVE-2021-46657Jan 29, 2022affected < 1.4.6-150100.3.3.7fixed 1.4.6-150100.3.3.7
get_sort_by_table in MariaDB before 10.6.2 allows an application crash via certain subquery uses of ORDER BY.
- CVE-2021-46658Jan 29, 2022affected < 1.4.6-150100.3.3.7fixed 1.4.6-150100.3.3.7
save_window_function_values in MariaDB before 10.6.3 allows an application crash because of incorrect handling of with_window_func=true for a subquery.
- CVE-2021-46659Jan 29, 2022affected < 1.4.6-150100.3.3.7fixed 1.4.6-150100.3.3.7
MariaDB before 10.7.2 allows an application crash because it does not recognize that SELECT_LEX::nest_level is local to each VIEW.
- CVE-2021-35604Oct 20, 2021affected < 1.4.6-150100.3.3.7fixed 1.4.6-150100.3.3.7
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.35 and prior and 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise
- CVE-2021-2389Jul 20, 2021affected < 1.4.6-150100.3.3.7fixed 1.4.6-150100.3.3.7
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromi
- CVE-2021-2372Jul 20, 2021affected < 1.4.6-150100.3.3.7fixed 1.4.6-150100.3.3.7
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromi
- CVE-2020-15180May 27, 2021affected < 1.4.6-150100.3.3.7fixed 1.4.6-150100.3.3.7
A flaw was found in the mysql-wsrep component of mariadb. Lack of input sanitization in `wsrep_sst_method` allows for command injection that can be exploited by a remote attacker to execute arbitrary commands on galera cluster nodes. This threatens the system's confidentiality, i
- CVE-2021-2166Apr 22, 2021affected < 1.4.6-150100.3.3.7fixed 1.4.6-150100.3.3.7
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compr
- CVE-2021-2154Apr 22, 2021affected < 1.4.6-150100.3.3.7fixed 1.4.6-150100.3.3.7
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 5.7.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. S
- CVE-2021-27928Mar 19, 2021affected < 1.4.6-150100.3.3.7fixed 1.4.6-150100.3.3.7
A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18, and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep patch through 2021-03-03 for MySQL. An untrusted search path leads to eval injection, in
- CVE-2020-14812Oct 21, 2020affected < 1.4.6-150100.3.3.7fixed 1.4.6-150100.3.3.7
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Locking). Supported versions that are affected are 5.6.49 and prior, 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multi
- CVE-2020-14789Oct 21, 2020affected < 1.4.6-150100.3.3.7fixed 1.4.6-150100.3.3.7
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compr
- CVE-2020-14776Oct 21, 2020affected < 1.4.6-150100.3.3.7fixed 1.4.6-150100.3.3.7
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise
- CVE-2020-14765Oct 21, 2020affected < 1.4.6-150100.3.3.7fixed 1.4.6-150100.3.3.7
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 5.6.49 and prior, 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple p
Page 3 of 11