Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
percona vulnerabilities and exploits
(subscribe to this query)
6.8
CVSSv2
CVE-2020-10996
An issue exists in Percona XtraDB Cluster prior to 5.7.28-31.41.2. A bundled script inadvertently sets a static transition_key for SST processes in place of the random key expected.
Percona Xtradb Cluster
4
CVSSv2
CVE-2022-26944
Percona XtraBackup 2.4.20 unintentionally writes the command line to any resulting backup file output. This may include sensitive arguments passed at run time. In addition, when --history is passed at run time, this command line is also written to the PERCONA_SCHEMA.xtrabackup_hi...
Percona Xtrabackup 2.4.20
6.8
CVSSv2
CVE-2014-2029
The automatic version check functionality in the tools in Percona Toolkit 2.1 allows man-in-the-middle malicious users to obtain sensitive information or execute arbitrary code by leveraging use of HTTP to download configuration information from v.percona.com.
Percona Toolkit 2.1
NA
CVE-2023-34409
In Percona Monitoring and Management (PMM) server 2.x prior to 2.37.1, the authenticate function in auth_server.go does not properly formalize and sanitize URL paths to reject path traversal attempts. This allows an unauthenticated remote user, when a crafted POST request is made...
Percona Monitoring And Management
7.8
CVSSv2
CVE-2020-7920
pmm-server in Percona Monitoring and Management (PMM) 2.2.x prior to 2.2.1 allows unauthenticated denial of service.
Percona Monitoring And Management
6.5
CVSSv2
CVE-2017-15365
sql/event_data_objects.cc in MariaDB prior to 10.1.30 and 10.2.x prior to 10.2.10 and Percona XtraDB Cluster prior to 5.6.37-26.21-3 and 5.7.x prior to 5.7.19-29.22-3 allows remote authenticated users with SQL access to bypass intended access restrictions and replicate data defin...
Fedoraproject Fedora 26
Mariadb Mariadb
Percona Xtradb Cluster
6.8
CVSSv2
CVE-2020-15180
A flaw was found in the mysql-wsrep component of mariadb. Lack of input sanitization in `wsrep_sst_method` allows for command injection that can be exploited by a remote malicious user to execute arbitrary commands on galera cluster nodes. This threatens the system's confide...
Mariadb Mariadb
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Percona Xtradb Cluster
Galeracluster Galera Cluster For Mysql
NA
CVE-2022-45866
qpress before PierreLvx/qpress 20220819 and before version 11.3, as used in Percona XtraBackup and other products, allows directory traversal via ../ in a .qp file.
Qpress Project Qpress
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Fedoraproject Fedora 37
7.2
CVSSv2
CVE-2017-15945
The installation scripts in the Gentoo dev-db/mysql, dev-db/mariadb, dev-db/percona-server, dev-db/mysql-cluster, and dev-db/mariadb-galera packages prior to 2017-09-29 have chown calls for user-writable directory trees, which allows local users to gain privileges by leveraging a...
Mysql Mysql
Mariadb Mariadb
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48654
CVE-2024-2757
authentication bypass
CVE-2024-3194
CVE-2024-33640
CVE-2024-21111
dos
insecure direct object reference
CVE-2024-21345
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2