Skip to main content

Toolkit

5 CVEs product

Monthly

CVE-2024-7701 MEDIUM This Month

Use of Password Hash With Insufficient Computational Effort vulnerability in percona percona-toolkit allows Encryption Brute Forcing.6.0. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Toolkit
NVD GitHub
CVSS 4.0
5.1
EPSS
0.2%
CVE-2022-35954 npm MEDIUM PATCH This Month

The GitHub Actions ToolKit provides a set of packages to make creating actions easier. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

Command Injection Toolkit
NVD GitHub
CVSS 3.1
5.0
EPSS
0.6%
CVE-2020-15228 npm MEDIUM POC PATCH This Month

In the `@actions/core` npm module before version 1.2.6,`addPath` and `exportVariable` functions communicate with the Actions Runner over stdout by generating a string in a specific format. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Node.js Information Disclosure Toolkit
NVD GitHub
CVSS 3.1
5.0
EPSS
1.5%
CVE-2015-1027 MEDIUM POC This Month

The version checking subroutine in percona-toolkit before 2.2.13 and xtrabackup before 2.2.9 was vulnerable to silent HTTP downgrade attacks and Man In The Middle attacks in which the server response. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Toolkit Xtrabackup
NVD
CVSS 3.0
5.9
EPSS
0.3%
CVE-2014-2029 HIGH PATCH This Week

The automatic version check functionality in the tools in Percona Toolkit 2.1 allows man-in-the-middle attackers to obtain sensitive information or execute arbitrary code by leveraging use of HTTP to. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

RCE Information Disclosure Toolkit
NVD
CVSS 3.0
8.1
EPSS
0.7%
EPSS 0% CVSS 5.1
MEDIUM This Month

Use of Password Hash With Insufficient Computational Effort vulnerability in percona percona-toolkit allows Encryption Brute Forcing.6.0. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Toolkit
NVD GitHub
EPSS 1% CVSS 5.0
MEDIUM PATCH This Month

The GitHub Actions ToolKit provides a set of packages to make creating actions easier. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

Command Injection Toolkit
NVD GitHub
EPSS 2% CVSS 5.0
MEDIUM POC PATCH This Month

In the `@actions/core` npm module before version 1.2.6,`addPath` and `exportVariable` functions communicate with the Actions Runner over stdout by generating a string in a specific format. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Node.js Information Disclosure Toolkit
NVD GitHub
EPSS 0% CVSS 5.9
MEDIUM POC This Month

The version checking subroutine in percona-toolkit before 2.2.13 and xtrabackup before 2.2.9 was vulnerable to silent HTTP downgrade attacks and Man In The Middle attacks in which the server response. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Toolkit Xtrabackup
NVD
EPSS 1% CVSS 8.1
HIGH PATCH This Week

The automatic version check functionality in the tools in Percona Toolkit 2.1 allows man-in-the-middle attackers to obtain sensitive information or execute arbitrary code by leveraging use of HTTP to. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

RCE Information Disclosure Toolkit
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy