CVSS: 9.0EPSS: 0%CPEs: 13EXPL: 0CVE-2020-15180 – mariadb: Insufficient SST method name check leading to code injection in mysql-wsrep
https://notcve.org/view.php?id=CVE-2020-15180
28 Oct 2020 — A flaw was found in the mysql-wsrep component of mariadb. Lack of input sanitization in `wsrep_sst_method` allows for command injection that can be exploited by a remote attacker to execute arbitrary commands on galera cluster nodes. This threatens the system's confidentiality, integrity, and availability. This flaw affects mariadb versions before 10.1.47, before 10.2.34, before 10.3.25, before 10.4.15 and before 10.5.6. Se encontró un fallo en el componente mysql-wsrep de mariadb. • https://bugzilla.redhat.com/show_bug.cgi?id=1894919 • CWE-20: Improper Input Validation CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-96: Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-10996
https://notcve.org/view.php?id=CVE-2020-10996
27 Apr 2020 — An issue was discovered in Percona XtraDB Cluster before 5.7.28-31.41.2. A bundled script inadvertently sets a static transition_key for SST processes in place of the random key expected. Se detectó un problema en Percona XtraDB Cluster en versiones anteriores a la 5.7.28-31.41.2. Un script empaquetado establece inadvertidamente un transition_key estático para los procesos SST en lugar de la clave aleatoria esperada. • https://jira.percona.com/browse/PXC-3117 • CWE-798: Use of Hard-coded Credentials CWE-838: Inappropriate Encoding for Output Context •
CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0CVE-2017-15365 – mariadb: Replication in sql/event_data_objects.cc occurs before ACL checks
https://notcve.org/view.php?id=CVE-2017-15365
25 Jan 2018 — sql/event_data_objects.cc in MariaDB before 10.1.30 and 10.2.x before 10.2.10 and Percona XtraDB Cluster before 5.6.37-26.21-3 and 5.7.x before 5.7.19-29.22-3 allows remote authenticated users with SQL access to bypass intended access restrictions and replicate data definition language (DDL) statements to cluster nodes by leveraging incorrect ordering of DDL replication and ACL checking. sql/event_data_objects.cc en MariaDB en versiones anteriores a la 10.1.30 y 10.2.x anteriores a la 10.2.10 y Percona Xtra... • https://access.redhat.com/errata/RHSA-2019:1258 • CWE-284: Improper Access Control •
CVSS: 7.8EPSS: 6%CPEs: 12EXPL: 4CVE-2016-6664 – MySQL / MariaDB / PerconaDB 5.5.x/5.6.x/5.7.x - 'root' System User Privilege Escalation
https://notcve.org/view.php?id=CVE-2016-6664
02 Nov 2016 — mysqld_safe in Oracle MySQL through 5.5.51, 5.6.x through 5.6.32, and 5.7.x through 5.7.14; MariaDB; Percona Server before 5.5.51-38.2, 5.6.x before 5.6.32-78-1, and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0, 5.6.x before 5.6.32-25.17, and 5.7.x before 5.7.14-26.17, when using file-based logging, allows local users with access to the mysql account to gain root privileges via a symlink attack on error logs and possibly other files. mysqld_safe en Oracle MySQL hasta la versión 5.5.5... • https://packetstorm.news/files/id/139491 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.0EPSS: 0%CPEs: 13EXPL: 4CVE-2016-6663 – MySQL / MariaDB / PerconaDB 5.5.x/5.6.x/5.7.x - 'mysql' System User Privilege Escalation / Race Condition
https://notcve.org/view.php?id=CVE-2016-6663
31 Oct 2016 — Race condition in Oracle MySQL before 5.5.52, 5.6.x before 5.6.33, 5.7.x before 5.7.15, and 8.x before 8.0.1; MariaDB before 5.5.52, 10.0.x before 10.0.28, and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2, 5.6.x before 5.6.32-78-1, and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0, 5.6.x before 5.6.32-25.17, and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.... • https://packetstorm.news/files/id/139476 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •