CVE-2022-25834
https://notcve.org/view.php?id=CVE-2022-25834
In Percona XtraBackup (PXB) through 2.2.24 and 3.x through 8.0.27-19, a crafted filename on the local file system could trigger unexpected command shell execution of arbitrary commands. • https://docs.percona.com/percona-xtrabackup/8.0/release-notes/8.0/8.0.32-26.0.html#improvements https://www.percona.com/doc/percona-xtrabackup/2.4/index.html • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVE-2023-34409
https://notcve.org/view.php?id=CVE-2023-34409
In Percona Monitoring and Management (PMM) server 2.x before 2.37.1, the authenticate function in auth_server.go does not properly formalize and sanitize URL paths to reject path traversal attempts. This allows an unauthenticated remote user, when a crafted POST request is made against unauthenticated API routes, to access otherwise protected API routes leading to escalation of privileges and information disclosure. • https://www.percona.com/blog/pmm-authentication-bypass-vulnerability-fixed-in-2-37-1 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2022-34968
https://notcve.org/view.php?id=CVE-2022-34968
An issue in the fetch_step function in Percona Server for MySQL v8.0.28-19 allows attackers to cause a Denial of Service (DoS) via a SQL query. Un problema en la función fetch_step de Percona Server for MySQL versión v8.0.28-19, permite a atacantes causar una denegación de servicio (DoS) por medio de una consulta SQL • https://jira.percona.com/browse/PS-8294 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2022-26944
https://notcve.org/view.php?id=CVE-2022-26944
Percona XtraBackup 2.4.20 unintentionally writes the command line to any resulting backup file output. This may include sensitive arguments passed at run time. In addition, when --history is passed at run time, this command line is also written to the PERCONA_SCHEMA.xtrabackup_history table. NOTE: this issue exists because of an incomplete fix for CVE-2020-10997. Percona XtraBackup versión 2.4.20, escribe involuntariamente la línea de comandos en cualquier archivo de copia de seguridad resultante. • https://docs.percona.com/percona-xtrabackup/2.4/release-notes/2.4/2.4.25.html https://jira.percona.com/browse/PXB-2722 •
CVE-2021-27928 – MariaDB 10.2 - 'wsrep_provider' OS Command Execution
https://notcve.org/view.php?id=CVE-2021-27928
A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18, and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep patch through 2021-03-03 for MySQL. An untrusted search path leads to eval injection, in which a database SUPER user can execute OS commands after modifying wsrep_provider and wsrep_notify_cmd. NOTE: this does not affect an Oracle product. Se detectó un problema de ejecución de código remota en MariaDB versiones 10.2 anteriores a 10.2.37, versiones 10.3 anteriores a 10.3.28, versiones 10.4 anteriores a 10.4.18 y versiones 10.5 anteriores a 10.5.9; Percona Server versiones hasta el 03-03-2021; y el parche de wsrep versiones hasta el 03-03-2021 para MySQL. Una ruta de búsqueda que no es confiable conlleva a una inyección eval, en la que un usuario SUPER de la base de datos puede ejecutar comandos del Sistema Operativo después de modificar las funciones wsrep_provider y wsrep_notify_cmd. • https://www.exploit-db.com/exploits/49765 https://github.com/Al1ex/CVE-2021-27928 https://github.com/shamo0/CVE-2021-27928-POC https://github.com/LalieA/CVE-2021-27928 http://packetstormsecurity.com/files/162177/MariaDB-10.2-Command-Execution.html https://jira.mariadb.org/browse/MDEV-25179 https://lists.debian.org/debian-lts-announce/2021/03/msg00028.html https://mariadb.com/kb/en/mariadb-10237-release-notes https://mariadb.com/kb/en/mariadb-10328-release-notes https:/& • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-94: Improper Control of Generation of Code ('Code Injection') •