Known Vulnerabilities for products from Percona
Listed below are 15 of the newest known vulnerabilities associated with the vendor "Percona".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs; each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-25212 | Not Provided | | 2026-04-02 | 2026-04-02 |
| CVE-2021-27928 | A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18, and 10... | 7.2 - HIGH | 2021-03-19 | 2022-05-03 |
| CVE-2020-26542 | An issue was discovered in the MongoDB Simple LDAP plugin through 2020-10-02 for Percona Server when using the SimpleLDAP aut... | 9.8 - CRITICAL | 2020-11-09 | 2020-11-23 |
| CVE-2020-15180 | A flaw was found in the mysql-wsrep component of mariadb. Lack of input sanitization in `wsrep_sst_method` allows for command... | 9 - CRITICAL | 2021-05-27 | 2023-11-07 |
| CVE-2020-10997 | Percona XtraBackup before 2.4.20 unintentionally writes the command line to any resulting backup file output. This may includ... | 6.5 - MEDIUM | 2020-04-27 | 2021-07-21 |
| CVE-2020-10996 | An issue was discovered in Percona XtraDB Cluster before 5.7.28-31.41.2. A bundled script inadvertently sets a static transit... | 8.1 - HIGH | 2020-04-27 | 2022-04-26 |
| CVE-2020-7920 | pmm-server in Percona Monitoring and Management (PMM) 2.2.x before 2.2.1 allows unauthenticated denial of service. | 7.5 - HIGH | 2020-02-06 | 2021-07-21 |
| CVE-2019-12301 | The Percona Server 5.6.44-85.0-1 packages for Debian and Ubuntu suffered an issue where the server would reset the root passw... | 9.8 - CRITICAL | 2019-05-23 | 2020-08-24 |
| CVE-2017-15365 | sql/event_data_objects.cc in MariaDB before 10.1.30 and 10.2.x before 10.2.10 and Percona XtraDB Cluster before 5.6.37-26.21-... | 8.8 - HIGH | 2018-01-25 | 2023-11-07 |
| CVE-2016-6664 | mysqld_safe in Oracle MySQL through 5.5.51, 5.6.x through 5.6.32, and 5.7.x through 5.7.14; MariaDB; Percona Server before 5.... | 7 - HIGH | 2016-12-13 | 2023-01-24 |
| CVE-2016-6663 | Race condition in Oracle MySQL before 5.5.52, 5.6.x before 5.6.33, 5.7.x before 5.7.15, and 8.x before 8.0.1; MariaDB before ... | 7 - HIGH | 2016-12-13 | 2019-03-05 |
| CVE-2016-6662 | Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, an... | 9.8 - CRITICAL | 2016-09-20 | 2021-08-04 |
| CVE-2016-6225 | xbcrypt in Percona XtraBackup before 2.3.6 and 2.4.x before 2.4.5 does not properly set the initialization vector (IV) for en... | 5.9 - MEDIUM | 2017-03-23 | 2023-11-07 |
| CVE-2015-1027 | The version checking subroutine in percona-toolkit before 2.2.13 and xtrabackup before 2.2.9 was vulnerable to silent HTTP do... | 5.9 - MEDIUM | 2017-09-29 | 2017-10-10 |
| CVE-2014-2029 | The automatic version check functionality in the tools in Percona Toolkit 2.1 allows man-in-the-middle attackers to obtain se... | 8.1 - HIGH | 2017-09-29 | 2017-10-10 |
| CVE-2013-6394 | Percona XtraBackup before 2.1.6 uses a constant string for the initialization vector (IV), which makes it easier for local us... | 2.1 - LOW | 2013-12-13 | 2018-10-30 |
Known software with vulnerabilities from Percona
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Percona | Monitoring And Management | - |
| Application | Percona | Percona Server | 5.1 |
| Application | Percona | Toolkit | 0.9.5 |
| Application | Percona | Xtrabackup | 1.4 |
| Application | Percona | Xtradb Cluster | 5.5 |