Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2021-27928

Опубликовано: 19 мар. 2021
Источник: ubuntu
Приоритет: medium
EPSS Средний
CVSS2: 9
CVSS3: 7.2

Описание

A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18, and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep patch through 2021-03-03 for MySQL. An untrusted search path leads to eval injection, in which a database SUPER user can execute OS commands after modifying wsrep_provider and wsrep_notify_cmd. NOTE: this does not affect an Oracle product.

РелизСтатусПримечание
bionic

ignored

end of standard support, was needs-triage
devel

DNE

esm-apps/bionic

needs-triage

esm-infra-legacy/trusty

DNE

esm-infra/focal

DNE

focal

DNE

groovy

DNE

hirsute

DNE

impish

DNE

jammy

DNE

Показывать по

РелизСтатусПримечание
bionic

DNE

devel

DNE

esm-apps/focal

needed

esm-infra-legacy/trusty

DNE

focal

ignored

end of standard support, was needed
groovy

ignored

end of life
hirsute

DNE

impish

DNE

jammy

DNE

kinetic

DNE

Показывать по

РелизСтатусПримечание
bionic

DNE

esm-infra-legacy/trusty

DNE

esm-infra/focal

DNE

focal

DNE

groovy

DNE

hirsute

not-affected

1:10.5.9-1
impish

not-affected

1:10.5.9-1
precise/esm

DNE

trusty

ignored

end of standard support
trusty/esm

DNE

Показывать по

РелизСтатусПримечание
bionic

DNE

devel

DNE

esm-apps/xenial

needs-triage

esm-infra-legacy/trusty

DNE

esm-infra/focal

DNE

focal

DNE

groovy

DNE

hirsute

DNE

impish

DNE

jammy

DNE

Показывать по

Ссылки на источники

EPSS

Процентиль: 98%
0.48947
Средний

9 Critical

CVSS2

7.2 High

CVSS3

Связанные уязвимости

redhat логотип

CVE-2021-27928

CVSS3: 7.2
redhat
больше 4 лет назад

A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18, and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep patch through 2021-03-03 for MySQL. An untrusted search path leads to eval injection, in which a database SUPER user can execute OS commands after modifying wsrep_provider and wsrep_notify_cmd. NOTE: this does not affect an Oracle product.

nvd логотип

CVE-2021-27928

CVSS3: 7.2
nvd
больше 4 лет назад

A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18, and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep patch through 2021-03-03 for MySQL. An untrusted search path leads to eval injection, in which a database SUPER user can execute OS commands after modifying wsrep_provider and wsrep_notify_cmd. NOTE: this does not affect an Oracle product.

msrc логотип

CVE-2021-27928

CVSS3: 7.2
msrc
больше 4 лет назад

Описание отсутствует

debian логотип

CVE-2021-27928

CVSS3: 7.2
debian
больше 4 лет назад

A remote code execution issue was discovered in MariaDB 10.2 before 10 ...

rocky логотип

RLSA-2021:1242

rocky
больше 4 лет назад

Important: mariadb:10.3 and mariadb-devel:10.3 security update

EPSS

Процентиль: 98%
0.48947
Средний

9 Critical

CVSS2

7.2 High

CVSS3