Vulnerabilities > Percona

DATE CVE VULNERABILITY TITLE RISK
2021-05-27 CVE-2020-15180 Static Code Injection vulnerability in multiple products
A flaw was found in the mysql-wsrep component of MariaDB.
6.8
2021-03-19 CVE-2021-27928 Code Injection vulnerability in multiple products
A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18, and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep patch through 2021-03-03 for MySQL.
network
low complexity
mariadb percona galeracluster debian CWE-94
critical
9.0
2020-11-09 CVE-2020-26542 Improper Authentication vulnerability in Percona Server
An issue was discovered in the MongoDB Simple LDAP plugin through 2020-10-02 for Percona Server. When SimpleLDAP authentication is used in conjunction with Microsoft’s Active Directory, a flaw discovered by Percona allows authentication to complete when a blank value is passed for the account password, giving access to the service with which Active Directory is integrated at the level granted to the authenticating account.
network
low complexity
percona CWE-287
7.5
2020-04-27 CVE-2020-10997 Improper Input Validation vulnerability in Percona Xtrabackup
Percona XtraBackup before 2.4.20 unintentionally writes the command line to any resulting backup file output.
network
low complexity
percona CWE-20
4.0
2020-04-27 CVE-2020-10996 Inappropriate Encoding for Output Context vulnerability in Percona Xtradb Cluster
An issue was discovered in Percona XtraDB Cluster before 5.7.28-31.41.2.
network
percona CWE-838
6.8
2020-02-06 CVE-2020-7920 Resource Exhaustion vulnerability in Percona Monitoring and Management 2.2.0
pmm-server in Percona Monitoring and Management (PMM) 2.2.x before 2.2.1 allows unauthenticated denial of service.
network
low complexity
percona CWE-400
7.8
2019-05-23 CVE-2019-12301 Unspecified vulnerability in Percona Server 5.6.44-85.0-1
The Percona Server 5.6.44-85.0-1 packages for Debian and Ubuntu suffered an issue where the server would reset the root password to a blank value upon an upgrade.
network
low complexity
percona
critical
10.0
2018-01-25 CVE-2017-15365 sql/event_data_objects.cc in MariaDB before 10.1.30 and 10.2.x before 10.2.10 and Percona XtraDB Cluster before 5.6.37-26.21-3 and 5.7.x before 5.7.19-29.22-3 allows remote authenticated users with SQL access to bypass intended access restrictions and replicate data definition language (DDL) statements to cluster nodes by leveraging incorrect ordering of DDL replication and ACL checking.
network
low complexity
fedoraproject mariadb percona
6.5
2017-09-29 CVE-2015-1027 Information Exposure vulnerability in Percona Toolkit and Xtrabackup
The version checking subroutine in percona-toolkit before 2.2.13 and xtrabackup before 2.2.9 was vulnerable to silent HTTP downgrade attacks and man-in-the-middle attacks in which the server response could be modified, allowing the attacker to respond with a modified command payload and have the client return additional running configuration information, leading to disclosure of the running configuration of MySQL.
network
percona CWE-200
4.3
2017-09-29 CVE-2014-2029 Information Exposure vulnerability in Percona Toolkit 2.1
The automatic version check functionality in the tools in Percona Toolkit 2.1 allows man-in-the-middle attackers to obtain sensitive information or execute arbitrary code by leveraging use of HTTP to download configuration information from v.percona.com.
network
percona CWE-200
6.8