CVSS: 4.9EPSS: 0%CPEs: 13EXPL: 0CVE-2021-2154 – mysql: Server: DML unspecified vulnerability (CPU Apr 2021)
https://notcve.org/view.php?id=CVE-2021-2154
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 5.7.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DPA3CTGXPVWKHMCQDVURK4ETH7GE34KK https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GAU7KW36A6TQGKG3RUITYSVUFIHBY3OT https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PEF5CRATUGQZUSQU63MHQIDZPOLHW2VE https://security.gentoo.org/glsa/202105-27 https://security.gentoo.org/glsa/202105-28 https://security.netapp.com/advisory/ntap-20210513-0002 https://www.oracle.co •
CVSS: 7.2EPSS: 0%CPEs: 12EXPL: 0CVE-2021-2144 – mysql: Server: Parser unspecified vulnerability (CPU Apr 2021)
https://notcve.org/view.php?id=CVE-2021-2144
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). • https://security.netapp.com/advisory/ntap-20210513-0002 https://www.oracle.com/security-alerts/cpuapr2021.html https://access.redhat.com/security/cve/CVE-2021-2144 https://bugzilla.redhat.com/show_bug.cgi?id=1951749 •
CVSS: 9.0EPSS: 1%CPEs: 7EXPL: 5CVE-2021-27928 – MariaDB 10.2 - 'wsrep_provider' OS Command Execution
https://notcve.org/view.php?id=CVE-2021-27928
A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18, and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep patch through 2021-03-03 for MySQL. An untrusted search path leads to eval injection, in which a database SUPER user can execute OS commands after modifying wsrep_provider and wsrep_notify_cmd. NOTE: this does not affect an Oracle product. Se detectó un problema de ejecución de código remota en MariaDB versiones 10.2 anteriores a 10.2.37, versiones 10.3 anteriores a 10.3.28, versiones 10.4 anteriores a 10.4.18 y versiones 10.5 anteriores a 10.5.9; Percona Server versiones hasta el 03-03-2021; y el parche de wsrep versiones hasta el 03-03-2021 para MySQL. Una ruta de búsqueda que no es confiable conlleva a una inyección eval, en la que un usuario SUPER de la base de datos puede ejecutar comandos del Sistema Operativo después de modificar las funciones wsrep_provider y wsrep_notify_cmd. • https://www.exploit-db.com/exploits/49765 https://github.com/Al1ex/CVE-2021-27928 https://github.com/shamo0/CVE-2021-27928-POC https://github.com/LalieA/CVE-2021-27928 http://packetstormsecurity.com/files/162177/MariaDB-10.2-Command-Execution.html https://jira.mariadb.org/browse/MDEV-25179 https://lists.debian.org/debian-lts-announce/2021/03/msg00028.html https://mariadb.com/kb/en/mariadb-10237-release-notes https://mariadb.com/kb/en/mariadb-10328-release-notes https:/& • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.3EPSS: 0%CPEs: 13EXPL: 0CVE-2021-2022 – mysql: InnoDB unspecified vulnerability (CPU Jan 2021)
https://notcve.org/view.php?id=CVE-2021-2022
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.6.50 and prior, 5.7.32 and prior and 8.0.22 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CS5THZSGI7O2CZO44NWYE57AG2T7NK3K https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T7EAHJPWOOF4D6PEFLXW5IQWRRSZ3HRC https://security.gentoo.org/glsa/202105-27 https://security.netapp.com/advisory/ntap-20210219-0003 https://www.oracle.com/security-alerts/cpujan2021.html https://access.redhat.com/security/cve/CVE-2021-2022 https://bugzilla.redhat.com/show_bug.cgi?id=1922389 •
CVSS: 4.3EPSS: 0%CPEs: 14EXPL: 0CVE-2021-2007 – mysql: C API unspecified vulnerability (CPU Jan 2021)
https://notcve.org/view.php?id=CVE-2021-2007
Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Client accessible data. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CS5THZSGI7O2CZO44NWYE57AG2T7NK3K https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T7EAHJPWOOF4D6PEFLXW5IQWRRSZ3HRC https://security.gentoo.org/glsa/202105-27 https://security.netapp.com/advisory/ntap-20210622-0001 https://www.oracle.com/security-alerts/cpujan2021.html https://access.redhat.com/security/cve/CVE-2021-2007 https://bugzilla.redhat.com/show_bug.cgi?id=1922382 •