Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
percona vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2013-6394
Percona XtraBackup prior to 2.1.6 uses a constant string for the initialization vector (IV), which makes it easier for local users to defeat cryptographic protection mechanisms and conduct plaintext attacks.
Percona Xtrabackup 2.1.1
Percona Xtrabackup 2.1.0
Percona Xtrabackup
Percona Xtrabackup 2.1.4
Percona Xtrabackup 2.1.3
Percona Xtrabackup 2.1.2
Opensuse Opensuse 13.1
9.8
CVSSv3
CVE-2020-26542
An issue exists in the MongoDB Simple LDAP plugin through 2020-10-02 for Percona Server when using the SimpleLDAP authentication in conjunction with Microsoft’s Active Directory, Percona has discovered a flaw that would allow authentication to complete when passing a blank ...
Percona Percona Server
5.9
CVSSv3
CVE-2016-6225
xbcrypt in Percona XtraBackup prior to 2.3.6 and 2.4.x prior to 2.4.5 does not properly set the initialization vector (IV) for encryption, which makes it easier for context-dependent malicious users to obtain sensitive information from encrypted backup files via a Chosen-Plaintex...
Percona Xtrabackup
Percona Xtrabackup 2.4.1
Percona Xtrabackup 2.4.0
Percona Xtrabackup 2.4.3
Percona Xtrabackup 2.4.2
Percona Xtrabackup 2.4.4
Opensuse Leap 42.2
Opensuse Leap 42.1
Fedoraproject Fedora 25
Fedoraproject Fedora 24
7
CVSSv3
CVE-2016-6664
mysqld_safe in Oracle MySQL up to and including 5.5.51, 5.6.x up to and including 5.6.32, and 5.7.x up to and including 5.7.14; MariaDB; Percona Server prior to 5.5.51-38.2, 5.6.x prior to 5.6.32-78-1, and 5.7.x prior to 5.7.14-8; and Percona XtraDB Cluster prior to 5.5.41-37.0, ...
Oracle Mysql
Mariadb Mariadb
Percona Percona Server
Percona Xtradb Cluster
1 EDB exploit
1 Github repository
1 Article
5.9
CVSSv3
CVE-2015-1027
The version checking subroutine in percona-toolkit prior to 2.2.13 and xtrabackup prior to 2.2.9 was vulnerable to silent HTTP downgrade attacks and Man In The Middle attacks in which the server response could be modified to allow the malicious user to respond with modified comma...
Percona Xtrabackup
Percona Toolkit
7.5
CVSSv3
CVE-2022-34968
An issue in the fetch_step function in Percona Server for MySQL v8.0.28-19 allows malicious users to cause a Denial of Service (DoS) via a SQL query.
Percona Percona Server 8.0.28-19
9.8
CVSSv3
CVE-2019-12301
The Percona Server 5.6.44-85.0-1 packages for Debian and Ubuntu suffered an issue where the server would reset the root password to a blank value upon an upgrade. This was fixed in 5.6.44-85.0-2.
Percona Percona Server 5.6.44-85.0-1
7.2
CVSSv3
CVE-2021-27928
A remote code execution issue exists in MariaDB 10.2 prior to 10.2.37, 10.3 prior to 10.3.28, 10.4 prior to 10.4.18, and 10.5 prior to 10.5.9; Percona Server through 2021-03-03; and the wsrep patch through 2021-03-03 for MySQL. An untrusted search path leads to eval injection, in...
Mariadb Mariadb
Percona Percona Server
Galeracluster Wsrep
Debian Debian Linux 9.0
10 Github repositories
6.5
CVSSv3
CVE-2020-10997
Percona XtraBackup prior to 2.4.20 unintentionally writes the command line to any resulting backup file output. This may include sensitive arguments passed at run time. In addition, when --history is passed at run time, this command line is also written to the PERCONA_SCHEMA.xtra...
Percona Xtrabackup
7.8
CVSSv3
CVE-2022-25834
In Percona XtraBackup (PXB) up to and including 2.2.24 and 3.x up to and including 8.0.27-19, a crafted filename on the local file system could trigger unexpected command shell execution of arbitrary commands.
Percona Xtrabackup
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48654
CVE-2024-2757
authentication bypass
CVE-2024-3194
CVE-2024-33640
CVE-2024-21111
dos
insecure direct object reference
CVE-2024-21345
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »