GHSA-83Q8-2HC2-HGQR vulnerabilities
Vulnerabilities for packages: mysql...
GHSA-2Q9X-HQ7P-V7M6 vulnerabilities
Vulnerabilities for packages: mysql...
GHSA-288R-8C88-J3W5 vulnerabilities
Vulnerabilities for packages: mysql...
mysql: Optimizer unspecified vulnerability (CPU Jan 2026)
Oracle CPU describes the issue as follows: Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.0-8.0.44, 8.4.0-8.4.7 and 9.0.0-9.5.0. Easily exploitable vulnerability allows low privileged attacker with network...
mysql: mariadb: mysqldump unspecified vulnerability (CPU Apr 2025)
Vulnerability in the MySQL Client product of Oracle MySQL component: Client: mysqldump. Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise...
mysql: mariadb: InnoDB unspecified vulnerability (CPU Apr 2025)
Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...
Amazon Linux 2023 : php8.2, php8.2-bcmath, php8.2-cli (ALAS2023-2025-872)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-872 advisory. The upstream advisory describes this issue as follows: A memory-related vulnerability in PHP's filter handling system, particularly when processing input with convert.quoted-printable-decode...
AlmaLinux 9 : mysql:8.4 (ALSA-2025:23111)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:23111 advisory. mysql: DML unspecified vulnerability CPU Oct 2025 CVE-2025-53053 mysql: InnoDB unspecified vulnerability CPU Oct 2025 CVE-2025-53044 mysql: InnoDB...
CVE-2025-58173 FreshRSS vulnerable to authenticated RCE via path traversal inside include()
FreshRSS is a self-hosted RSS feed aggregator. In versions 1.23.0 through 1.27.0, using a path traversal inside the language user configuration parameter, it's possible to call install.php and perform various administrative actions as an unprivileged user. These actions include logging in as the...
Arbitrary SQL Execution
Neuron is vulnerable to arbitrary SQL execution. The vulnerability is due to the MySQLWriteTool executing caller‑provided SQL using PDO::prepare and execute without semantic restrictions, where an attacker can inject destructive statements such as DROP TABLE, TRUNCATE, DELETE, or ALTER via...
Deserialization Of Untrusted Data
Dataease is vulnerable to Deserialization Of Untrusted Data. The vulnerability is due to improper validation of JDBC connection parameters in the MysqlConfiguration class, which allows an attacker to connect to a malicious MySQL server and execute arbitrary system commands through deserialization...
Remote Code Execution (RCE)
MySQL Connector/J is vulnerable to Remote Code Execution (RCE). The vulnerability is due to an unspecified flaw in Connector/J that allows an unauthenticated attacker with network access to compromise the connector through user interaction, potentially resulting in complete takeover of the affected...
Oracle Linux 8 : mysql:8.0 (ELSA-2025-23134)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-23134 advisory. mecab mecab-ipadic mysql 8.0.44-1 - Rebase to MySQL 8.0.44 Tenable has extracted the preceding description block directly from the Oracle Linux securi...
Oracle Linux 9 : mysql (ELSA-2025-23109)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-23109 advisory. 8.0.44-1 - Rebase to MySQL 8.0.44 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that...
Security Bulletin: Vulnerabilities in Eran Hammer cryptiles, PostCSS, Node.js, node-notifier, es5-ext, MySQL Connectors, json-path and tough-cookie might affect IBM Storage Defender Copy Data Management
Summary: IBM Storage Defender Copy Data Management can be affected by vulnerabilities in Eran Hammer cryptiles, PostCSS, Node.js, node-notifier, es5-ext, MySQL Connectors, json-path and tough-cookie. Vulnerabilities include an attacker is able to brute force something that was supposed to be random, ...
RHSA-2025:23137 Red Hat Security Advisory: mysql:8.4 security update
Bulletin has no description...
RHSA-2025:23134 Red Hat Security Advisory: mysql:8.0 security update
Bulletin has no description...
RHSA-2025:23111 Red Hat Security Advisory: mysql:8.4 security update
Bulletin has no description...
RHSA-2025:23109 Red Hat Security Advisory: mysql security update
Bulletin has no description...