Skip to main content

Percona Server

7 CVEs product

Monthly

CVE-2022-34968 HIGH POC This Week

An issue in the fetch_step function in Percona Server for MySQL v8.0.28-19 allows attackers to cause a Denial of Service (DoS) via a SQL query. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service SQLi Percona Server
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2021-27928 HIGH POC THREAT This Week

A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18, and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep patch. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Oracle Code Injection MariaDB Percona Server +2
NVD Exploit-DB
CVSS 3.1
7.2
EPSS
38.2%
CVE-2020-26542 CRITICAL Act Now

An issue was discovered in the MongoDB Simple LDAP plugin through 2020-10-02 for Percona Server when using the SimpleLDAP authentication in conjunction with Microsoft’s Active Directory, Percona has. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Percona Server
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2019-12301 CRITICAL Act Now

The Percona Server 5.6.44-85.0-1 packages for Debian and Ubuntu suffered an issue where the server would reset the root password to a blank value upon an upgrade. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ubuntu Debian Percona Server
NVD
CVSS 3.0
9.8
EPSS
2.0%
CVE-2016-6664 HIGH POC PATCH THREAT Act Now

mysqld_safe in Oracle MySQL through 5.5.51, 5.6.x through 5.6.32, and 5.7.x through 5.7.14; MariaDB; Percona Server before 5.5.51-38.2, 5.6.x before 5.6.32-78-1, and 5.7.x before 5.7.14-8; and. Rated high severity (CVSS 7.0). Public exploit code available and EPSS exploitation probability 54.4%.

Information Disclosure Oracle MySQL MariaDB Percona Server +1
NVD Exploit-DB
CVSS 3.1
7.0
EPSS
54.4%
Threat
4.5
CVE-2016-6663 HIGH POC PATCH This Week

Race condition in Oracle MySQL before 5.5.52, 5.6.x before 5.6.33, 5.7.x before 5.7.15, and 8.x before 8.0.1; MariaDB before 5.5.52, 10.0.x before 10.0.28, and 10.1.x before 10.1.18; Percona Server. Rated high severity (CVSS 7.0). Public exploit code available.

Race Condition Information Disclosure Oracle MySQL Percona Server +2
NVD GitHub Exploit-DB
CVSS 3.0
7.0
EPSS
3.4%
CVE-2016-6662 CRITICAL POC PATCH THREAT Act Now

Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 89.6%.

RCE Privilege Escalation Oracle MySQL Percona Server +10
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
89.6%
Threat
6.1
EPSS 1% CVSS 7.5
HIGH POC This Week

An issue in the fetch_step function in Percona Server for MySQL v8.0.28-19 allows attackers to cause a Denial of Service (DoS) via a SQL query. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service SQLi Percona Server
NVD
EPSS 38% CVSS 7.2
HIGH POC THREAT This Week

A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18, and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep patch. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Oracle Code Injection +4
NVD Exploit-DB
EPSS 2% CVSS 9.8
CRITICAL Act Now

An issue was discovered in the MongoDB Simple LDAP plugin through 2020-10-02 for Percona Server when using the SimpleLDAP authentication in conjunction with Microsoft’s Active Directory, Percona has. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Percona Server
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

The Percona Server 5.6.44-85.0-1 packages for Debian and Ubuntu suffered an issue where the server would reset the root password to a blank value upon an upgrade. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ubuntu Debian +1
NVD
EPSS 54% 4.5 CVSS 7.0
HIGH POC PATCH THREAT Act Now

mysqld_safe in Oracle MySQL through 5.5.51, 5.6.x through 5.6.32, and 5.7.x through 5.7.14; MariaDB; Percona Server before 5.5.51-38.2, 5.6.x before 5.6.32-78-1, and 5.7.x before 5.7.14-8; and. Rated high severity (CVSS 7.0). Public exploit code available and EPSS exploitation probability 54.4%.

Information Disclosure Oracle MySQL +3
NVD Exploit-DB
EPSS 3% CVSS 7.0
HIGH POC PATCH This Week

Race condition in Oracle MySQL before 5.5.52, 5.6.x before 5.6.33, 5.7.x before 5.7.15, and 8.x before 8.0.1; MariaDB before 5.5.52, 10.0.x before 10.0.28, and 10.1.x before 10.1.18; Percona Server. Rated high severity (CVSS 7.0). Public exploit code available.

Race Condition Information Disclosure Oracle +4
NVD GitHub Exploit-DB
EPSS 90% 6.1 CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 89.6%.

RCE Privilege Escalation Oracle +12
NVD Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy