Known Vulnerabilities for products from Percona
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Percona".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs; each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-25212 | An issue was discovered in Percona PMM before 3.7. Because an internal database user retains specific superuser privileges, a... | Not Provided | 2026-04-02 | 2026-04-21 |
| CVE-2023-34409 | In Percona Monitoring and Management (PMM) server 2.x before 2.37.1, the authenticate function in auth_server.go does not pro... | 9.8 - CRITICAL | 2023-06-06 | 2023-06-16 |
| CVE-2022-34968 | An issue in the fetch_step function in Percona Server for MySQL v8.0.28-19 allows attackers to cause a Denial of Service (DoS... | 7.5 - HIGH | 2022-08-03 | 2022-08-09 |
| CVE-2022-26944 | Percona XtraBackup 2.4.20 unintentionally writes the command line to any resulting backup file output. This may include sensi... | 6.5 - MEDIUM | 2022-06-02 | 2022-06-11 |
| CVE-2022-25834 | In Percona XtraBackup (PXB) through 2.2.24 and 3.x through 8.0.27-19, a crafted filename on the local file system could trigg... | 7.8 - HIGH | 2023-06-07 | 2023-06-15 |
| CVE-2021-27928 | A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18, and 10... | 7.2 - HIGH | 2021-03-19 | 2022-05-03 |
| CVE-2020-26542 | An issue was discovered in the MongoDB Simple LDAP plugin through 2020-10-02 for Percona Server when using the SimpleLDAP aut... | 9.8 - CRITICAL | 2020-11-09 | 2020-11-23 |
| CVE-2020-15180 | A flaw was found in the mysql-wsrep component of mariadb. Lack of input sanitization in `wsrep_sst_method` allows for command... | 9 - CRITICAL | 2021-05-27 | 2023-11-07 |
| CVE-2020-10997 | Percona XtraBackup before 2.4.20 unintentionally writes the command line to any resulting backup file output. This may includ... | 6.5 - MEDIUM | 2020-04-27 | 2021-07-21 |
| CVE-2020-10996 | An issue was discovered in Percona XtraDB Cluster before 5.7.28-31.41.2. A bundled script inadvertently sets a static transit... | 8.1 - HIGH | 2020-04-27 | 2022-04-26 |
| CVE-2020-7920 | pmm-server in Percona Monitoring and Management (PMM) 2.2.x before 2.2.1 allows unauthenticated denial of service. | 7.5 - HIGH | 2020-02-06 | 2021-07-21 |
| CVE-2019-12301 | The Percona Server 5.6.44-85.0-1 packages for Debian and Ubuntu suffered an issue where the server would reset the root passw... | 9.8 - CRITICAL | 2019-05-23 | 2020-08-24 |
| CVE-2017-15365 | sql/event_data_objects.cc in MariaDB before 10.1.30 and 10.2.x before 10.2.10 and Percona XtraDB Cluster before 5.6.37-26.21-... | 8.8 - HIGH | 2018-01-25 | 2023-11-07 |
| CVE-2016-6664 | mysqld_safe in Oracle MySQL through 5.5.51, 5.6.x through 5.6.32, and 5.7.x through 5.7.14; MariaDB; Percona Server before 5.... | 7 - HIGH | 2016-12-13 | 2023-01-24 |
| CVE-2016-6663 | Race condition in Oracle MySQL before 5.5.52, 5.6.x before 5.6.33, 5.7.x before 5.7.15, and 8.x before 8.0.1; MariaDB before ... | 7 - HIGH | 2016-12-13 | 2019-03-05 |
| CVE-2016-6662 | Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, an... | 9.8 - CRITICAL | 2016-09-20 | 2021-08-04 |
| CVE-2016-6225 | xbcrypt in Percona XtraBackup before 2.3.6 and 2.4.x before 2.4.5 does not properly set the initialization vector (IV) for en... | 5.9 - MEDIUM | 2017-03-23 | 2023-11-07 |
| CVE-2015-1027 | The version checking subroutine in percona-toolkit before 2.2.13 and xtrabackup before 2.2.9 was vulnerable to silent HTTP do... | 5.9 - MEDIUM | 2017-09-29 | 2017-10-10 |
| CVE-2014-2029 | The automatic version check functionality in the tools in Percona Toolkit 2.1 allows man-in-the-middle attackers to obtain se... | 8.1 - HIGH | 2017-09-29 | 2017-10-10 |
| CVE-2013-6394 | Percona XtraBackup before 2.1.6 uses a constant string for the initialization vector (IV), which makes it easier for local us... | 2.1 - LOW | 2013-12-13 | 2018-10-30 |
Known software with vulnerabilities from Percona
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Percona | Monitoring And Management | - |
| Application | Percona | Percona Server | 2020-10-02 |
| Application | Percona | Toolkit | 0.9.5 |
| Application | Percona | Xtrabackup | 1.4 |
| Application | Percona | Xtradb Cluster | 5.5 |