Latest Percona Vulnerabilities

● CVE-2022-25834

In Percona XtraBackup (PXB) through 2.2.24 and 3.x through 8.0.27-19, a crafted filename on the local file system could trigger unexpected command shell execution of arbitrary commands.

Percona XtraBackup<=2.2.24

Percona XtraBackup>=3.0<=8.0.27-19

debian/percona-xtrabackup

ubuntu/percona-xtrabackup<2.4.9-0ubuntu2+

ubuntu/percona-xtrabackup<2.4.28<8.0.32-26

ubuntu/percona-xtrabackup<2.3.7-0ubuntu0.16.04.2+

● CVE-2023-34409

In Percona Monitoring and Management (PMM) server 2.x before 2.37.1, the authenticate function in auth_server.go does not properly formalize and sanitize URL paths to reject path traversal attempts. T...

Percona Monitoring and Management>=2.0.0<2.37.1

● CVE-2022-34968

An issue in the fetch_step function in Percona Server for MySQL v8.0.28-19 allows attackers to cause a Denial of Service (DoS) via a SQL query.

Percona Percona Server=8.0.28-19

● CVE-2022-26944

Percona XtraBackup 2.4.20 unintentionally writes the command line to any resulting backup file output. This may include sensitive arguments passed at run time. In addition, when --history is passed at...

Percona XtraBackup=2.4.20

● CVE-2021-27928

A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18, and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep patch th...

Mariadb Mariadb>=10.2<10.2.37

Mariadb Mariadb>=10.3<10.3.28

Mariadb Mariadb>=10.4<10.4.18

Mariadb Mariadb>=10.5<10.5.9

Percona Percona Server<=2021-03-03

Galeracluster Wsrep<=2021-03-03

and 1 more

● CVE-2020-26542

An issue was discovered in the MongoDB Simple LDAP plugin through 2020-10-02 for Percona Server when using the SimpleLDAP authentication in conjunction with Microsoft’s Active Directory, Percona has d...

Percona Percona Server<=2020-10-02

● CVE-2020-15180

A flaw was found in the mysql-wsrep component of mariadb. Lack of input sanitization in `wsrep_sst_method` allows for command injection that can be exploited by a remote attacker to execute arbitrary ...

Mariadb Mariadb>=10.1.0<10.1.47

Mariadb Mariadb>=10.2.0<10.2.34

Mariadb Mariadb>=10.3.0<10.3.25

Mariadb Mariadb>=10.4.0<10.4.15

Mariadb Mariadb>=10.5.0<10.5.6

Debian Debian Linux=9.0

and 16 more

● CVE-2020-10996

An issue was discovered in Percona XtraDB Cluster before 5.7.28-31.41.2. A bundled script inadvertently sets a static transition_key for SST processes in place of the random key expected.

Percona XtraDB Cluster<5.7.28-31.41.2

● CVE-2020-10997

Percona XtraBackup>=2.4.11<2.4.20

Percona XtraBackup>=8.0.4<8.0.11

● CVE-2020-7920

pmm-server in Percona Monitoring and Management (PMM) 2.2.x before 2.2.1 allows unauthenticated denial of service.

Percona Monitoring and Management>=2.2.0<2.2.1

● CVE-2019-12301

The Percona Server 5.6.44-85.0-1 packages for Debian and Ubuntu suffered an issue where the server would reset the root password to a blank value upon an upgrade. This was fixed in 5.6.44-85.0-2.

Percona Percona Server=5.6.44-85.0-1

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.