Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
percona percona server vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2023-34409
In Percona Monitoring and Management (PMM) server 2.x prior to 2.37.1, the authenticate function in auth_server.go does not properly formalize and sanitize URL paths to reject path traversal attempts. This allows an unauthenticated remote user, when a crafted POST request is made...
Percona Monitoring And Management
9.8
CVSSv3
CVE-2020-26542
An issue exists in the MongoDB Simple LDAP plugin through 2020-10-02 for Percona Server when using the SimpleLDAP authentication in conjunction with Microsoft’s Active Directory, Percona has discovered a flaw that would allow authentication to complete when passing a blank ...
Percona Percona Server
9.8
CVSSv3
CVE-2019-12301
The Percona Server 5.6.44-85.0-1 packages for Debian and Ubuntu suffered an issue where the server would reset the root password to a blank value upon an upgrade. This was fixed in 5.6.44-85.0-2.
Percona Percona Server 5.6.44-85.0-1
9
CVSSv3
CVE-2020-15180
A flaw was found in the mysql-wsrep component of mariadb. Lack of input sanitization in `wsrep_sst_method` allows for command injection that can be exploited by a remote malicious user to execute arbitrary commands on galera cluster nodes. This threatens the system's confide...
Mariadb Mariadb
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Percona Xtradb Cluster
Galeracluster Galera Cluster For Mysql
8.8
CVSSv3
CVE-2017-15365
sql/event_data_objects.cc in MariaDB prior to 10.1.30 and 10.2.x prior to 10.2.10 and Percona XtraDB Cluster prior to 5.6.37-26.21-3 and 5.7.x prior to 5.7.19-29.22-3 allows remote authenticated users with SQL access to bypass intended access restrictions and replicate data defin...
Fedoraproject Fedora 26
Mariadb Mariadb
Percona Xtradb Cluster
7.8
CVSSv3
CVE-2017-15945
The installation scripts in the Gentoo dev-db/mysql, dev-db/mariadb, dev-db/percona-server, dev-db/mysql-cluster, and dev-db/mariadb-galera packages prior to 2017-09-29 have chown calls for user-writable directory trees, which allows local users to gain privileges by leveraging a...
Mysql Mysql
Mariadb Mariadb
7.5
CVSSv3
CVE-2022-34968
An issue in the fetch_step function in Percona Server for MySQL v8.0.28-19 allows malicious users to cause a Denial of Service (DoS) via a SQL query.
Percona Percona Server 8.0.28-19
7.5
CVSSv3
CVE-2020-7920
pmm-server in Percona Monitoring and Management (PMM) 2.2.x prior to 2.2.1 allows unauthenticated denial of service.
Percona Monitoring And Management
7.2
CVSSv3
CVE-2021-27928
A remote code execution issue exists in MariaDB 10.2 prior to 10.2.37, 10.3 prior to 10.3.28, 10.4 prior to 10.4.18, and 10.5 prior to 10.5.9; Percona Server through 2021-03-03; and the wsrep patch through 2021-03-03 for MySQL. An untrusted search path leads to eval injection, in...
Mariadb Mariadb
Percona Percona Server
Galeracluster Wsrep
Debian Debian Linux 9.0
10 Github repositories
7
CVSSv3
CVE-2016-6664
mysqld_safe in Oracle MySQL up to and including 5.5.51, 5.6.x up to and including 5.6.32, and 5.7.x up to and including 5.7.14; MariaDB; Percona Server prior to 5.5.51-38.2, 5.6.x prior to 5.6.32-78-1, and 5.7.x prior to 5.7.14-8; and Percona XtraDB Cluster prior to 5.5.41-37.0, ...
Oracle Mysql
Mariadb Mariadb
Percona Percona Server
Percona Xtradb Cluster
1 EDB exploit
1 Github repository
1 Article
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »