Vulmon
percona vulnerabilities and exploits
VMScore: 383
CVE-2015-1027
The version checking subroutine in percona-toolkit prior to 2.2.13 and xtrabackup prior to 2.2.9 was vulnerable to silent HTTP downgrade attacks and Man In The Middle attacks in which the server response could be modified to allow the malicious user to respond with modified comma...
Percona Xtrabackup
Percona Toolkit
VMScore: 383
CVE-2016-6225
xbcrypt in Percona XtraBackup prior to 2.3.6 and 2.4.x prior to 2.4.5 does not properly set the initialization vector (IV) for encryption, which makes it easier for context-dependent malicious users to obtain sensitive information from encrypted backup files via a Chosen-Plaintex...
Percona Xtrabackup
Percona Xtrabackup 2.4.1
Percona Xtrabackup 2.4.0
Percona Xtrabackup 2.4.3
Percona Xtrabackup 2.4.2
Percona Xtrabackup 2.4.4
Opensuse Leap 42.2
Opensuse Leap 42.1
Fedoraproject Fedora 25
Fedoraproject Fedora 24
VMScore: 356
CVE-2022-26944
Percona XtraBackup 2.4.20 unintentionally writes the command line to any resulting backup file output. This may include sensitive arguments passed at run time. In addition, when --history is passed at run time, this command line is also written to the PERCONA_SCHEMA.xtrabackup_hi...
Percona Xtrabackup 2.4.20
VMScore: 356
CVE-2020-10997
Percona XtraBackup prior to 2.4.20 unintentionally writes the command line to any resulting backup file output. This may include sensitive arguments passed at run time. In addition, when --history is passed at run time, this command line is also written to the PERCONA_SCHEMA.xtra...
Percona Xtrabackup
VMScore: 187
CVE-2013-6394
Percona XtraBackup prior to 2.1.6 uses a constant string for the initialization vector (IV), which makes it easier for local users to defeat cryptographic protection mechanisms and conduct plaintext attacks.
Percona Xtrabackup 2.1.1
Percona Xtrabackup 2.1.0
Percona Xtrabackup
Percona Xtrabackup 2.1.4
Percona Xtrabackup 2.1.3
Percona Xtrabackup 2.1.2
Opensuse Opensuse 13.1
NA
CVE-2022-25834
In Percona XtraBackup (PXB) up to and including 2.2.24 and 3.x up to and including 8.0.27-19, a crafted filename on the local file system could trigger unexpected command shell execution of arbitrary commands.
Percona Xtrabackup
NA
CVE-2023-34409
In Percona Monitoring and Management (PMM) server 2.x prior to 2.37.1, the authenticate function in auth_server.go does not properly formalize and sanitize URL paths to reject path traversal attempts. This allows an unauthenticated remote user, when a crafted POST request is made...
Percona Monitoring And Management
NA
CVE-2022-45866
qpress before PierreLvx/qpress 20220819 and before version 11.3, as used in Percona XtraBackup and other products, allows directory traversal via ../ in a .qp file.
Qpress Project Qpress
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Fedoraproject Fedora 37
NA
CVE-2022-34968
An issue in the fetch_step function in Percona Server for MySQL v8.0.28-19 allows malicious users to cause a Denial of Service (DoS) via a SQL query.
Percona Percona Server 8.0.28-19