CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-10997
https://notcve.org/view.php?id=CVE-2020-10997
27 Apr 2020 — Percona XtraBackup before 2.4.20 unintentionally writes the command line to any resulting backup file output. This may include sensitive arguments passed at run time. In addition, when --history is passed at run time, this command line is also written to the PERCONA_SCHEMA.xtrabackup_history table. Percona XtraBackup versiones anteriores a la versión 2.4.20, escribe involuntariamente en la línea de comandos en cualquier salida de archivo de copia de seguridad resultante. Esto puede incluir argumentos confid... • https://jira.percona.com/browse/PXB-2142 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-7920
https://notcve.org/view.php?id=CVE-2020-7920
06 Feb 2020 — pmm-server in Percona Monitoring and Management (PMM) 2.2.x before 2.2.1 allows unauthenticated denial of service. pmm-server en Percona Monitoring and Management (PMM) versiones 2.2.x anteriores a 2.2.1, permite una denegación de servicio no autenticada. • https://jira.percona.com/browse/PMM-5232 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2019-12301
https://notcve.org/view.php?id=CVE-2019-12301
23 May 2019 — The Percona Server 5.6.44-85.0-1 packages for Debian and Ubuntu suffered an issue where the server would reset the root password to a blank value upon an upgrade. This was fixed in 5.6.44-85.0-2. Los paquetes Percona Server versión 5.6.44-85.0-1 para Debian y Ubuntu, sufrieron un problema donde el servidor restablecería la contraseña raíz a un valor en blanco al realizar una actualización. Esto fue corregido en versión 5.6.44-85.0-2. • https://jira.percona.com/browse/PS-5640 •
CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0CVE-2017-15365 – mariadb: Replication in sql/event_data_objects.cc occurs before ACL checks
https://notcve.org/view.php?id=CVE-2017-15365
25 Jan 2018 — sql/event_data_objects.cc in MariaDB before 10.1.30 and 10.2.x before 10.2.10 and Percona XtraDB Cluster before 5.6.37-26.21-3 and 5.7.x before 5.7.19-29.22-3 allows remote authenticated users with SQL access to bypass intended access restrictions and replicate data definition language (DDL) statements to cluster nodes by leveraging incorrect ordering of DDL replication and ACL checking. sql/event_data_objects.cc en MariaDB en versiones anteriores a la 10.1.30 y 10.2.x anteriores a la 10.2.10 y Percona Xtra... • https://access.redhat.com/errata/RHSA-2019:1258 • CWE-284: Improper Access Control •
CVSS: 5.9EPSS: 0%CPEs: 2EXPL: 1CVE-2015-1027
https://notcve.org/view.php?id=CVE-2015-1027
28 Sep 2017 — The version checking subroutine in percona-toolkit before 2.2.13 and xtrabackup before 2.2.9 was vulnerable to silent HTTP downgrade attacks and Man In The Middle attacks in which the server response could be modified to allow the attacker to respond with modified command payload and have the client return additional running configuration information leading to an information disclosure of running configuration of MySQL. La subrutina de chequeo de versiones en percona-toolkit en versiones anteriores a la 2.... • https://bugs.launchpad.net/percona-toolkit/+bug/1408375 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2014-2029
https://notcve.org/view.php?id=CVE-2014-2029
28 Sep 2017 — The automatic version check functionality in the tools in Percona Toolkit 2.1 allows man-in-the-middle attackers to obtain sensitive information or execute arbitrary code by leveraging use of HTTP to download configuration information from v.percona.com. La funcionalidad de chequeo de versiones automático en las herramientas de Percona Toolkit 2.1 permite a los atacantes Man-in-the-Middle (MitM) obtener información sensible o ejecutar código arbitrario usando HTTP para descargar información de configuración... • http://www.openwall.com/lists/oss-security/2014/02/19/14 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.9EPSS: 0%CPEs: 10EXPL: 0CVE-2016-6225
https://notcve.org/view.php?id=CVE-2016-6225
23 Mar 2017 — xbcrypt in Percona XtraBackup before 2.3.6 and 2.4.x before 2.4.5 does not properly set the initialization vector (IV) for encryption, which makes it easier for context-dependent attackers to obtain sensitive information from encrypted backup files via a Chosen-Plaintext attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-6394. xbcrypt en Percona XtraBackup en versiones anteriores a 2.3.6 y 2.4.x en versiones anteriores a 2.4.5 no establece apropiadamente el vector de inicializ... • http://lists.opensuse.org/opensuse-updates/2017-01/msg00125.html • CWE-326: Inadequate Encryption Strength •
CVSS: 7.8EPSS: 47%CPEs: 12EXPL: 4CVE-2016-6664 – MySQL / MariaDB / PerconaDB 5.5.x/5.6.x/5.7.x - 'root' System User Privilege Escalation
https://notcve.org/view.php?id=CVE-2016-6664
02 Nov 2016 — mysqld_safe in Oracle MySQL through 5.5.51, 5.6.x through 5.6.32, and 5.7.x through 5.7.14; MariaDB; Percona Server before 5.5.51-38.2, 5.6.x before 5.6.32-78-1, and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0, 5.6.x before 5.6.32-25.17, and 5.7.x before 5.7.14-26.17, when using file-based logging, allows local users with access to the mysql account to gain root privileges via a symlink attack on error logs and possibly other files. mysqld_safe en Oracle MySQL hasta la versión 5.5.5... • https://packetstorm.news/files/id/139491 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.0EPSS: 2%CPEs: 13EXPL: 4CVE-2016-6663 – MySQL / MariaDB / PerconaDB 5.5.x/5.6.x/5.7.x - 'mysql' System User Privilege Escalation / Race Condition
https://notcve.org/view.php?id=CVE-2016-6663
31 Oct 2016 — Race condition in Oracle MySQL before 5.5.52, 5.6.x before 5.6.33, 5.7.x before 5.7.15, and 8.x before 8.0.1; MariaDB before 5.5.52, 10.0.x before 10.0.28, and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2, 5.6.x before 5.6.32-78-1, and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0, 5.6.x before 5.6.32-25.17, and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.... • https://packetstorm.news/files/id/139476 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 10.0EPSS: 89%CPEs: 30EXPL: 9CVE-2016-6662 – MySQL / MariaDB / PerconaDB 5.5.51/5.6.32/5.7.14 - Code Execution / Privilege Escalation
https://notcve.org/view.php?id=CVE-2016-6662
12 Sep 2016 — Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x before 5.6.32-78.0, and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL... • https://packetstorm.news/files/id/138678 • CWE-264: Permissions, Privileges, and Access Controls CWE-732: Incorrect Permission Assignment for Critical Resource •