Vulmon
percona vulnerabilities and exploits
9.8
CVSSv3
CVE-2023-34409
In Percona Monitoring and Management (PMM) server 2.x prior to 2.37.1, the authenticate function in auth_server.go does not properly formalize and sanitize URL paths to reject path traversal attempts. This allows an unauthenticated remote user, when a crafted POST request is made...
Percona Monitoring And Management
9.8
CVSSv3
CVE-2020-26542
An issue exists in the MongoDB Simple LDAP plugin through 2020-10-02 for Percona Server when using the SimpleLDAP authentication in conjunction with Microsoft’s Active Directory, Percona has discovered a flaw that would allow authentication to complete when passing a blank ...
Percona Percona Server
9.8
CVSSv3
CVE-2019-12301
The Percona Server 5.6.44-85.0-1 packages for Debian and Ubuntu suffered an issue where the server would reset the root password to a blank value upon an upgrade. This was fixed in 5.6.44-85.0-2.
Percona Percona Server 5.6.44-85.0-1
9
CVSSv3
CVE-2020-15180
A flaw was found in the mysql-wsrep component of mariadb. Lack of input sanitization in `wsrep_sst_method` allows for command injection that can be exploited by a remote malicious user to execute arbitrary commands on galera cluster nodes. This threatens the system's confide...
Mariadb Mariadb
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Percona Xtradb Cluster
Galeracluster Galera Cluster For Mysql
8.8
CVSSv3
CVE-2017-15365
sql/event_data_objects.cc in MariaDB prior to 10.1.30 and 10.2.x prior to 10.2.10 and Percona XtraDB Cluster prior to 5.6.37-26.21-3 and 5.7.x prior to 5.7.19-29.22-3 allows remote authenticated users with SQL access to bypass intended access restrictions and replicate data defin...
Fedoraproject Fedora 26
Mariadb Mariadb
Percona Xtradb Cluster
8.1
CVSSv3
CVE-2020-10996
An issue exists in Percona XtraDB Cluster prior to 5.7.28-31.41.2. A bundled script inadvertently sets a static transition_key for SST processes in place of the random key expected.
Percona Xtradb Cluster
8.1
CVSSv3
CVE-2014-2029
The automatic version check functionality in the tools in Percona Toolkit 2.1 allows man-in-the-middle malicious users to obtain sensitive information or execute arbitrary code by leveraging use of HTTP to download configuration information from v.percona.com.
Percona Toolkit 2.1
7.8
CVSSv3
CVE-2022-25834
In Percona XtraBackup (PXB) up to and including 2.2.24 and 3.x up to and including 8.0.27-19, a crafted filename on the local file system could trigger unexpected command shell execution of arbitrary commands.
Percona Xtrabackup
7.8
CVSSv3
CVE-2017-15945
The installation scripts in the Gentoo dev-db/mysql, dev-db/mariadb, dev-db/percona-server, dev-db/mysql-cluster, and dev-db/mariadb-galera packages prior to 2017-09-29 have chown calls for user-writable directory trees, which allows local users to gain privileges by leveraging a...
Mysql Mysql
Mariadb Mariadb
7.5
CVSSv3
CVE-2022-34968
An issue in the fetch_step function in Percona Server for MySQL v8.0.28-19 allows malicious users to cause a Denial of Service (DoS) via a SQL query.
Percona Percona Server 8.0.28-19