CVSS: 7.0EPSS: 0%CPEs: 6EXPL: 0CVE-2020-28912
https://notcve.org/view.php?id=CVE-2020-28912
With MariaDB running on Windows, when local clients connect to the server over named pipes, it's possible for an unprivileged user with an ability to run code on the server machine to intercept the named pipe connection and act as a man-in-the-middle, gaining access to all the data passed between the client and the server, and getting the ability to run SQL commands on behalf of the connected user. This occurs because of an incorrect security descriptor. This affects MariaDB Server before 10.1.48, 10.2.x before 10.2.35, 10.3.x before 10.3.26, 10.4.x before 10.4.16, and 10.5.x before 10.5.7. NOTE: this issue exists because certain details of the MariaDB CVE-2019-2503 fix did not comprehensively address attack variants against MariaDB. This situation is specific to MariaDB, and thus CVE-2020-28912 does NOT apply to other vendors that were originally affected by CVE-2019-2503. • https://hackerone.com/reports/1019891 https://jira.mariadb.org/browse/MDEV-24040 •
CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0CVE-2017-15365 – mariadb: Replication in sql/event_data_objects.cc occurs before ACL checks
https://notcve.org/view.php?id=CVE-2017-15365
sql/event_data_objects.cc in MariaDB before 10.1.30 and 10.2.x before 10.2.10 and Percona XtraDB Cluster before 5.6.37-26.21-3 and 5.7.x before 5.7.19-29.22-3 allows remote authenticated users with SQL access to bypass intended access restrictions and replicate data definition language (DDL) statements to cluster nodes by leveraging incorrect ordering of DDL replication and ACL checking. sql/event_data_objects.cc en MariaDB en versiones anteriores a la 10.1.30 y 10.2.x anteriores a la 10.2.10 y Percona XtraDB Cluster anterior a 5.6.37-26.21-3 y 5.7.x anteriores a 5.7.19-29.22-3 permite que los usuarios autenticados remotos con acceso SQL omitan las restricciones de acceso y repliquen las sentencias DDL (Data Definition Language) para agrupar nodos utilizando una orden de replicación de DDL y una comprobación de listas de control de acceso incorrectas. It was discovered that MariaDB could replicate certain data definition language (DDL) commands to other cluster nodes despite an access control check failure. A user with an SQL access to the server could possibly use this flaw to perform database modification on certain cluster nodes without having privileges to perform such changes. • https://access.redhat.com/errata/RHSA-2019:1258 https://bugzilla.redhat.com/show_bug.cgi?id=1524234 https://github.com/MariaDB/server/commit/0b5a5258abbeaf8a0c3a18c7e753699787fdf46e https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ELCZV46WIYSJ6VMC65GMNN3A3QDRUJGK https://mariadb.com/kb/en/library/mariadb-10130-release-notes https://mariadb.com/kb/en/library/mariadb-10210-release-notes https://www.debian.org/security/2018/dsa-4341 https://www.percona.com/blog/2017 • CWE-284: Improper Access Control •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2017-15945
https://notcve.org/view.php?id=CVE-2017-15945
The installation scripts in the Gentoo dev-db/mysql, dev-db/mariadb, dev-db/percona-server, dev-db/mysql-cluster, and dev-db/mariadb-galera packages before 2017-09-29 have chown calls for user-writable directory trees, which allows local users to gain privileges by leveraging access to the mysql account for creation of a link. Los scripts de instalación en los paquetes dev-db/mysql, dev-db/mariadb, dev-db/percona-server, dev-db/mysql-cluster y dev-db/mariadb-galera de Gento en versiones anteriores a 2017-09-29 tiene llamadas chown para árboles de directorios modificables por los usuarios, lo que puede permitir que los usuarios locales obtengan privilegios aprovechando el acceso a la cuenta mysql para la creación de un enlace. • https://bugs.gentoo.org/630822 https://security.gentoo.org/glsa/201711-04 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.5EPSS: 1%CPEs: 15EXPL: 0CVE-2017-3302 – mysql: prepared statement handle use-after-free after disconnect
https://notcve.org/view.php?id=CVE-2017-3302
Crash in libmysqlclient.so in Oracle MySQL before 5.6.21 and 5.7.x before 5.7.5 and MariaDB through 5.5.54, 10.0.x through 10.0.29, 10.1.x through 10.1.21, and 10.2.x through 10.2.3. Caída en libmysqlclient.so en Oracle MySQL en versiones anteriores 5.6.21 y 5.7.x en versiones anteriores 5.7.5 y MariaDB hasta la versión 5.5.54, 10.0.x hasta la versión 10.0.29, 10.1.x hasta la versión 10.1.21 y 10.2.x hasta la versión 10.2.3. A flaw was found in the way MySQL client library (libmysqlclient) handled prepared statements when server connection was lost. A malicious server or a man-in-the-middle attacker could possibly use this flaw to crash an application using libmysqlclient. • http://www.debian.org/security/2017/dsa-3809 http://www.debian.org/security/2017/dsa-3834 http://www.openwall.com/lists/oss-security/2017/02/11/11 http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html http://www.securityfocus.com/bid/96162 http://www.securitytracker.com/id/1038287 https://access.redhat.com/errata/RHSA-2017:2192 https://access.redhat.com/errata/RHSA-2017:2787 https://access.redhat.com/errata/RHSA-2018:0279 https://access.redhat.c • CWE-416: Use After Free •
CVSS: 3.5EPSS: 0%CPEs: 42EXPL: 0CVE-2016-0610 – mysql: unspecified vulnerability in subcomponent: Server: InnoDB (CPU January 2016)
https://notcve.org/view.php?id=CVE-2016-0610
Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and MariaDB before 10.0.22 and 10.1.x before 10.1.9 allows remote authenticated users to affect availability via unknown vectors related to InnoDB. Vulnerabilidad no especificada en Oracle MySQL 5.6.27 y versiones anteriores y MariaDB en versiones anteriores a 10.0.22 y 10.1.x en versiones anteriores a 10.1.9 permite a usuarios remotos autenticados afectar a la disponibilidad a través de vectores no conocidos relacionados con InnoDB. • http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00016.html http://rhn.redhat.com/errata/RHSA-2016-0705.html http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html http://www.securityfocus.com/bid/81198 http://www.securitytracker.com/id/1034708 http://www.ubuntu.com/usn/USN-2881-1 https://access.redhat.com/errata/RHSA-2016:1132 https://mariadb.com/kb/en/mariadb/mariadb-1 •