#sql

An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated via the repr(Rust) type.

Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php check function.

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).

An update for the mariadb:10.3 module is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. The following packages have been upgraded to a later upstream version: mariadb (10.3.27), galera (25.3.31). (BZ#1899083, BZ#1899087) Security Fix(es): * mariadb: Insufficient SST method name check leading to code injection in mysql-wsrep (CVE-2020-15180) * mysql: InnoDB unspecified vulnerability (CPU Oct 2019) (CVE-2019-2938) * mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2019) (CVE-2019-2974) * mysql: C API unspecified vulnerability (CPU Apr 2020) (CVE-2020-2752) * mysql: InnoDB unspecified vulnera...

An update for the mariadb:10.3 module is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. The following packages have been upgraded to a later upstream version: mariadb (10.3.27), galera (25.3.31). (BZ#1899084, BZ#1899088) Security Fix(es): * mariadb: Insufficient SST method name check leading to code injection in mysql-wsrep (CVE-2020-15180) * mysql: InnoDB unspecified vulnerability (CPU Oct 2019) (CVE-2019-2938) * mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2019) (CVE-2019-2974) * mysql: C API unspecified vulnerability (CPU Apr 2020) (CVE-2020-2752) * mysql: InnoDB unspecified vulnera...

An update for mariadb-connector-c is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.The MariaDB Native Client library (C driver) is used to connect applications developed in C/C++ to MariaDB and MySQL databases. The following packages have been upgraded to a later upstream version: mariadb-connector-c (3.1.11). (BZ#1898994) Security Fix(es): * mysql: C API unspecified vulnerability (CPU Apr 2020) (CVE-2020-2752) * mysql: C API unspecified vulnerability (CPU Apr 2020) (CVE-2020-2922) * mariadb-connector-c: Improper validation of content in a OK packet received from server (CVE-2020-13249) * mysql: C API unspecified vulnerability (CPU Jan 2020) (CVE-2020-2574) For more details about the security iss...

An update for mariadb-connector-c is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.The MariaDB Native Client library (C driver) is used to connect applications developed in C/C++ to MariaDB and MySQL databases. The following packages have been upgraded to a later upstream version: mariadb-connector-c (3.1.11). (BZ#1898997) Security Fix(es): * mysql: C API unspecified vulnerability (CPU Apr 2020) (CVE-2020-2752) * mysql: C API unspecified vulnerability (CPU Apr 2020) (CVE-2020-2922) * mariadb-connector-c: Improper validation of content in a OK packet received from server (CVE-2020-13249) * mysql: C API unspecified vulnerability (CPU Jan 2020) (CVE-2020-2574) For more details about the se...

An update for the mariadb:10.3 module is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. The following packages have been upgraded to a later upstream version: mariadb (10.3.27), galera (25.3.31). (BZ#1899085, BZ#1899089) Security Fix(es): * mariadb: Insufficient SST method name check leading to code injection in mysql-wsrep (CVE-2020-15180) * mysql: InnoDB unspecified vulnerability (CPU Jan 2019) (CVE-2019-2510) * mysql: Server: DDL unspecified vulnerability (CPU Jan 2019) (CVE-2019-2537) * mysql: Server: Replication unspecified vulnerability (CPU Apr 2019) (CVE-2019-2614) * mysql: Server: ...

An update for mariadb-connector-c is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.The MariaDB Native Client library (C driver) is used to connect applications developed in C/C++ to MariaDB and MySQL databases. The following packages have been upgraded to a later upstream version: mariadb-connector-c (3.1.11). (BZ#1898996) Security Fix(es): * mysql: C API unspecified vulnerability (CPU Apr 2020) (CVE-2020-2752) * mysql: C API unspecified vulnerability (CPU Apr 2020) (CVE-2020-2922) * mariadb-connector-c: Improper validation of content in a OK packet received from server (CVE-2020-13249) * mysql: C API unspecified vulnerability (CPU Jan 2020) (CVE-2020-2574) For more details about the security iss...