Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
percona vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-25834
In Percona XtraBackup (PXB) up to and including 2.2.24 and 3.x up to and including 8.0.27-19, a crafted filename on the local file system could trigger unexpected command shell execution of arbitrary commands.
Percona Xtrabackup
NA
CVE-2023-34409
In Percona Monitoring and Management (PMM) server 2.x prior to 2.37.1, the authenticate function in auth_server.go does not properly formalize and sanitize URL paths to reject path traversal attempts. This allows an unauthenticated remote user, when a crafted POST request is made...
Percona Monitoring And Management
NA
CVE-2022-45866
qpress before PierreLvx/qpress 20220819 and before version 11.3, as used in Percona XtraBackup and other products, allows directory traversal via ../ in a .qp file.
Qpress Project Qpress
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Fedoraproject Fedora 37
NA
CVE-2022-34968
An issue in the fetch_step function in Percona Server for MySQL v8.0.28-19 allows malicious users to cause a Denial of Service (DoS) via a SQL query.
Percona Percona Server 8.0.28-19
4
CVSSv2
CVE-2022-26944
Percona XtraBackup 2.4.20 unintentionally writes the command line to any resulting backup file output. This may include sensitive arguments passed at run time. In addition, when --history is passed at run time, this command line is also written to the PERCONA_SCHEMA.xtrabackup_hi...
Percona Xtrabackup 2.4.20
6.8
CVSSv2
CVE-2020-15180
A flaw was found in the mysql-wsrep component of mariadb. Lack of input sanitization in `wsrep_sst_method` allows for command injection that can be exploited by a remote malicious user to execute arbitrary commands on galera cluster nodes. This threatens the system's confide...
Mariadb Mariadb
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Percona Xtradb Cluster
Galeracluster Galera Cluster For Mysql
9
CVSSv2
CVE-2021-27928
A remote code execution issue exists in MariaDB 10.2 prior to 10.2.37, 10.3 prior to 10.3.28, 10.4 prior to 10.4.18, and 10.5 prior to 10.5.9; Percona Server through 2021-03-03; and the wsrep patch through 2021-03-03 for MySQL. An untrusted search path leads to eval injection, in...
Mariadb Mariadb
Percona Percona Server
Galeracluster Wsrep
Debian Debian Linux 9.0
10 Github repositories
7.5
CVSSv2
CVE-2020-26542
An issue exists in the MongoDB Simple LDAP plugin through 2020-10-02 for Percona Server when using the SimpleLDAP authentication in conjunction with Microsoft’s Active Directory, Percona has discovered a flaw that would allow authentication to complete when passing a blank ...
Percona Percona Server
6.8
CVSSv2
CVE-2020-10996
An issue exists in Percona XtraDB Cluster prior to 5.7.28-31.41.2. A bundled script inadvertently sets a static transition_key for SST processes in place of the random key expected.
Percona Xtradb Cluster
4
CVSSv2
CVE-2020-10997
Percona XtraBackup prior to 2.4.20 unintentionally writes the command line to any resulting backup file output. This may include sensitive arguments passed at run time. In addition, when --history is passed at run time, this command line is also written to the PERCONA_SCHEMA.xtra...
Percona Xtrabackup
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »