Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
percona vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2020-7920
pmm-server in Percona Monitoring and Management (PMM) 2.2.x prior to 2.2.1 allows unauthenticated denial of service.
Percona Monitoring And Management
7.2
CVSSv3
CVE-2021-27928
A remote code execution issue exists in MariaDB 10.2 prior to 10.2.37, 10.3 prior to 10.3.28, 10.4 prior to 10.4.18, and 10.5 prior to 10.5.9; Percona Server through 2021-03-03; and the wsrep patch through 2021-03-03 for MySQL. An untrusted search path leads to eval injection, in...
Mariadb Mariadb
Percona Percona Server
Galeracluster Wsrep
Debian Debian Linux 9.0
10 Github repositories
7
CVSSv3
CVE-2016-6664
mysqld_safe in Oracle MySQL up to and including 5.5.51, 5.6.x up to and including 5.6.32, and 5.7.x up to and including 5.7.14; MariaDB; Percona Server prior to 5.5.51-38.2, 5.6.x prior to 5.6.32-78-1, and 5.7.x prior to 5.7.14-8; and Percona XtraDB Cluster prior to 5.5.41-37.0, ...
Oracle Mysql
Mariadb Mariadb
Percona Percona Server
Percona Xtradb Cluster
1 EDB exploit
1 Github repository
1 Article
6.5
CVSSv3
CVE-2022-26944
Percona XtraBackup 2.4.20 unintentionally writes the command line to any resulting backup file output. This may include sensitive arguments passed at run time. In addition, when --history is passed at run time, this command line is also written to the PERCONA_SCHEMA.xtrabackup_hi...
Percona Xtrabackup 2.4.20
6.5
CVSSv3
CVE-2020-10997
Percona XtraBackup prior to 2.4.20 unintentionally writes the command line to any resulting backup file output. This may include sensitive arguments passed at run time. In addition, when --history is passed at run time, this command line is also written to the PERCONA_SCHEMA.xtra...
Percona Xtrabackup
5.9
CVSSv3
CVE-2015-1027
The version checking subroutine in percona-toolkit prior to 2.2.13 and xtrabackup prior to 2.2.9 was vulnerable to silent HTTP downgrade attacks and Man In The Middle attacks in which the server response could be modified to allow the malicious user to respond with modified comma...
Percona Xtrabackup
Percona Toolkit
5.9
CVSSv3
CVE-2016-6225
xbcrypt in Percona XtraBackup prior to 2.3.6 and 2.4.x prior to 2.4.5 does not properly set the initialization vector (IV) for encryption, which makes it easier for context-dependent malicious users to obtain sensitive information from encrypted backup files via a Chosen-Plaintex...
Percona Xtrabackup
Percona Xtrabackup 2.4.1
Percona Xtrabackup 2.4.0
Percona Xtrabackup 2.4.3
Percona Xtrabackup 2.4.2
Percona Xtrabackup 2.4.4
Opensuse Leap 42.2
Opensuse Leap 42.1
Fedoraproject Fedora 25
Fedoraproject Fedora 24
5.3
CVSSv3
CVE-2022-45866
qpress before PierreLvx/qpress 20220819 and before version 11.3, as used in Percona XtraBackup and other products, allows directory traversal via ../ in a .qp file.
Qpress Project Qpress
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Fedoraproject Fedora 37
NA
CVE-2013-6394
Percona XtraBackup prior to 2.1.6 uses a constant string for the initialization vector (IV), which makes it easier for local users to defeat cryptographic protection mechanisms and conduct plaintext attacks.
Percona Xtrabackup 2.1.1
Percona Xtrabackup 2.1.0
Percona Xtrabackup
Percona Xtrabackup 2.1.4
Percona Xtrabackup 2.1.3
Percona Xtrabackup 2.1.2
Opensuse Opensuse 13.1
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
race condition
CVE-2024-4249
CVE-2024-4244
CVE-2023-20198
TCP
CVE-2022-48648
CVE-2022-48636
CVE-2024-21345
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2