CVSS: 9.0EPSS: 1%CPEs: 7EXPL: 5CVE-2021-27928 – MariaDB 10.2 - 'wsrep_provider' OS Command Execution
https://notcve.org/view.php?id=CVE-2021-27928
A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18, and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep patch through 2021-03-03 for MySQL. An untrusted search path leads to eval injection, in which a database SUPER user can execute OS commands after modifying wsrep_provider and wsrep_notify_cmd. NOTE: this does not affect an Oracle product. Se detectó un problema de ejecución de código remota en MariaDB versiones 10.2 anteriores a 10.2.37, versiones 10.3 anteriores a 10.3.28, versiones 10.4 anteriores a 10.4.18 y versiones 10.5 anteriores a 10.5.9; Percona Server versiones hasta el 03-03-2021; y el parche de wsrep versiones hasta el 03-03-2021 para MySQL. Una ruta de búsqueda que no es confiable conlleva a una inyección eval, en la que un usuario SUPER de la base de datos puede ejecutar comandos del Sistema Operativo después de modificar las funciones wsrep_provider y wsrep_notify_cmd. • https://www.exploit-db.com/exploits/49765 https://github.com/Al1ex/CVE-2021-27928 https://github.com/shamo0/CVE-2021-27928-POC https://github.com/LalieA/CVE-2021-27928 http://packetstormsecurity.com/files/162177/MariaDB-10.2-Command-Execution.html https://jira.mariadb.org/browse/MDEV-25179 https://lists.debian.org/debian-lts-announce/2021/03/msg00028.html https://mariadb.com/kb/en/mariadb-10237-release-notes https://mariadb.com/kb/en/mariadb-10328-release-notes https:/& • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.3EPSS: 0%CPEs: 13EXPL: 0CVE-2021-2022 – mysql: InnoDB unspecified vulnerability (CPU Jan 2021)
https://notcve.org/view.php?id=CVE-2021-2022
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.6.50 and prior, 5.7.32 and prior and 8.0.22 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CS5THZSGI7O2CZO44NWYE57AG2T7NK3K https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T7EAHJPWOOF4D6PEFLXW5IQWRRSZ3HRC https://security.gentoo.org/glsa/202105-27 https://security.netapp.com/advisory/ntap-20210219-0003 https://www.oracle.com/security-alerts/cpujan2021.html https://access.redhat.com/security/cve/CVE-2021-2022 https://bugzilla.redhat.com/show_bug.cgi?id=1922389 •
CVSS: 4.3EPSS: 0%CPEs: 14EXPL: 0CVE-2021-2007 – mysql: C API unspecified vulnerability (CPU Jan 2021)
https://notcve.org/view.php?id=CVE-2021-2007
Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Client accessible data. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CS5THZSGI7O2CZO44NWYE57AG2T7NK3K https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T7EAHJPWOOF4D6PEFLXW5IQWRRSZ3HRC https://security.gentoo.org/glsa/202105-27 https://security.netapp.com/advisory/ntap-20210622-0001 https://www.oracle.com/security-alerts/cpujan2021.html https://access.redhat.com/security/cve/CVE-2021-2007 https://bugzilla.redhat.com/show_bug.cgi?id=1922382 •
CVSS: 7.0EPSS: 0%CPEs: 6EXPL: 0CVE-2020-28912
https://notcve.org/view.php?id=CVE-2020-28912
With MariaDB running on Windows, when local clients connect to the server over named pipes, it's possible for an unprivileged user with an ability to run code on the server machine to intercept the named pipe connection and act as a man-in-the-middle, gaining access to all the data passed between the client and the server, and getting the ability to run SQL commands on behalf of the connected user. This occurs because of an incorrect security descriptor. This affects MariaDB Server before 10.1.48, 10.2.x before 10.2.35, 10.3.x before 10.3.26, 10.4.x before 10.4.16, and 10.5.x before 10.5.7. NOTE: this issue exists because certain details of the MariaDB CVE-2019-2503 fix did not comprehensively address attack variants against MariaDB. This situation is specific to MariaDB, and thus CVE-2020-28912 does NOT apply to other vendors that were originally affected by CVE-2019-2503. • https://hackerone.com/reports/1019891 https://jira.mariadb.org/browse/MDEV-24040 •
CVSS: 9.0EPSS: 0%CPEs: 13EXPL: 0CVE-2020-15180 – mariadb: Insufficient SST method name check leading to code injection in mysql-wsrep
https://notcve.org/view.php?id=CVE-2020-15180
A flaw was found in the mysql-wsrep component of mariadb. Lack of input sanitization in `wsrep_sst_method` allows for command injection that can be exploited by a remote attacker to execute arbitrary commands on galera cluster nodes. This threatens the system's confidentiality, integrity, and availability. This flaw affects mariadb versions before 10.1.47, before 10.2.34, before 10.3.25, before 10.4.15 and before 10.5.6. Se encontró un fallo en el componente mysql-wsrep de mariadb. • https://bugzilla.redhat.com/show_bug.cgi?id=1894919 https://lists.debian.org/debian-lts-announce/2020/10/msg00021.html https://security.gentoo.org/glsa/202011-14 https://www.debian.org/security/2020/dsa-4776 https://www.percona.com/blog/2020/10/30/cve-2020-15180-affects-percona-xtradb-cluster https://access.redhat.com/security/cve/CVE-2020-15180 • CWE-20: Improper Input Validation CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-96: Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') •