Vulnerabilities > Percona
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-06-07 | CVE-2022-25834 | Command Injection vulnerability in Percona Xtrabackup In Percona XtraBackup (PXB) through 2.2.24 and 3.x through 8.0.27-19, a crafted filename on the local file system could trigger unexpected command shell execution of arbitrary commands. | 7.8 |
| 2023-06-06 | CVE-2023-34409 | Path Traversal vulnerability in Percona Monitoring and Management 2.0.0/2.2.0/2.2.1 In Percona Monitoring and Management (PMM) server 2.x before 2.37.1, the authenticate function in auth_server.go does not properly formalize and sanitize URL paths to reject path traversal attempts. | 9.8 |
| 2022-08-03 | CVE-2022-34968 | SQL Injection vulnerability in Percona Server 8.0.2819 An issue in the fetch_step function in Percona Server for MySQL v8.0.28-19 allows attackers to cause a Denial of Service (DoS) via a SQL query. | 7.5 |
| 2022-06-02 | CVE-2022-26944 | Unspecified vulnerability in Percona Xtrabackup 2.4.20 Percona XtraBackup 2.4.20 unintentionally writes the command line to any resulting backup file output. | 6.5 |
| 2021-05-27 | CVE-2020-15180 | Command Injection vulnerability in multiple products A flaw was found in the mysql-wsrep component of mariadb. | 9.0 |
| 2021-03-19 | CVE-2021-27928 | Code Injection vulnerability in multiple products A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18, and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep patch through 2021-03-03 for MySQL. | 7.2 |
| 2020-11-09 | CVE-2020-26542 | Improper Authentication vulnerability in Percona Server 20201002 An issue was discovered in the MongoDB Simple LDAP plugin through 2020-10-02 for Percona Server when using the SimpleLDAP authentication in conjunction with Microsoft’s Active Directory, Percona has discovered a flaw that would allow authentication to complete when passing a blank value for the account password, leading to access against the service integrated with which Active Directory is deployed at the level granted to the authenticating account. | 9.8 |
| 2020-04-27 | CVE-2020-10997 | Information Exposure vulnerability in Percona Xtrabackup Percona XtraBackup before 2.4.20 unintentionally writes the command line to any resulting backup file output. | 6.5 |
| 2020-04-27 | CVE-2020-10996 | Inappropriate Encoding for Output Context vulnerability in Percona Xtradb Cluster An issue was discovered in Percona XtraDB Cluster before 5.7.28-31.41.2. | 8.1 |
| 2020-02-06 | CVE-2020-7920 | Infinite Loop vulnerability in Percona Monitoring and Management 2.2.0 pmm-server in Percona Monitoring and Management (PMM) 2.2.x before 2.2.1 allows unauthenticated denial of service. | 7.5 |