Search CVE reports
31 – 40 of 1821 results
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows...
11 affected packages
mysql-5.5, mysql-5.7, mysql-8.0, mysql-8.4, mariadb...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| mysql-5.5 | Not in release | Not in release | Not in release | — | — |
| mysql-5.7 | Not in release | Not in release | Not in release | — | Ignored |
| mysql-8.0 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | — |
| mysql-8.4 | Needs evaluation | Not in release | Not in release | — | — |
| mariadb | Not affected | Not affected | Not in release | — | — |
| mariadb-10.0 | Not in release | Not in release | Not in release | — | — |
| mariadb-10.1 | Not in release | Not in release | Not in release | — | Not affected |
| mariadb-10.3 | Not in release | Not in release | Not in release | Ignored | — |
| mariadb-10.6 | Not in release | Not in release | Not affected | — | — |
| percona-xtradb-cluster-5.6 | Not in release | Not in release | Not in release | — | — |
| percona-server-5.6 | Not in release | Not in release | Not in release | — | — |
Some fixes available 3 of 4
xdg-dbus-proxy is a filtering proxy for D-Bus connections. Prior to 0.1.7, a policy parser vulnerability allows bypassing eavesdrop restrictions. The proxy checks for eavesdrop=true in policy rules but fails to handle eavesdrop...
1 affected package
xdg-dbus-proxy
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| xdg-dbus-proxy | Not affected | Fixed | Fixed | Needs evaluation | — |
Rejected reason: CVE confirmed to be a false positive
2 affected packages
golang-github-coreos-bbolt, golang-github-boltdb-bolt
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| golang-github-coreos-bbolt | — | Not affected | Not affected | Not affected | Not affected |
| golang-github-boltdb-bolt | — | Not affected | Not affected | Not affected | Not affected |
An issue was discovered in MariaDB Server before 11.4.10, 11.5.x through 11.8.x before 11.8.6, and 12.x before 12.2.2. If the caching_sha2_password authentication plugin is installed, and some user accounts are configured to use...
5 affected packages
mariadb, mariadb-10.0, mariadb-10.1, mariadb-10.3, mariadb-10.6
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| mariadb | Not affected | Needs evaluation | Not in release | — | — |
| mariadb-10.0 | Not in release | Not in release | Not in release | — | — |
| mariadb-10.1 | Not in release | Not in release | Not in release | — | Needs evaluation |
| mariadb-10.3 | Not in release | Not in release | Not in release | Needs evaluation | — |
| mariadb-10.6 | Not in release | Not in release | Needs evaluation | — | — |
A user with access to the cluster with a limited set of privilege actions can trigger a crash of a mongod process during the limited and unpredictable window when the cluster is being promoted from a replica set to a sharded...
1 affected package
mongodb
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| mongodb | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
MariaDB server is a community developed fork of MySQL server. An authenticated user can crash MariaDB versions 11.4 before 11.4.10 and 11.8 before 11.8.6 via a bug in JSON_SCHEMA_VALID() function. Under certain conditions it might...
5 affected packages
mariadb, mariadb-10.0, mariadb-10.1, mariadb-10.3, mariadb-10.6
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| mariadb | Not affected | Needs evaluation | Not in release | — | — |
| mariadb-10.0 | Not in release | Not in release | Not in release | — | — |
| mariadb-10.1 | Not in release | Not in release | Not in release | — | Needs evaluation |
| mariadb-10.3 | Not in release | Not in release | Not in release | Needs evaluation | — |
| mariadb-10.6 | Not in release | Not in release | Needs evaluation | — | — |
A specially crafted aggregation query with $lookup by an authenticated user with write privileges can cause a double-free or use-after-free memory issue in the slot-based execution (SBE) engine when an in-memory hash table is...
1 affected package
mongodb
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| mongodb | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
A use-after-free vulnerability can be triggered in sharded clusters by an authenticated user with the read role who issues a specially crafted $lookup or $graphLookup aggregation pipeline.
1 affected package
mongodb
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| mongodb | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
An authenticated user with the read role may read limited amounts of uninitialized stack memory via specially-crafted issuances of the filemd5 command.
1 affected package
mongodb
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| mongodb | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
An authorized user may disable the MongoDB server by issuing a query against a collection that contains an invalid compound wildcard index.
1 affected package
mongodb
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| mongodb | Not in release | Not in release | Not in release | Vulnerable | Vulnerable |