In Percona Monitoring and Management (PMM) server 2.x before 2.37.1, the authenticate function in auth_server.go does not properly formalize and sanitize URL paths to reject path traversal attempts. This allows an unauthenticated remote user, when a crafted POST request is made against...
9.8CVSS
9.2AI Score
0.001EPSS
In Percona XtraBackup (PXB) through 2.2.24 and 3.x through 8.0.27-19, a crafted filename on the local file system could trigger unexpected command shell execution of arbitrary...
7.8CVSS
7.7AI Score
0.0004EPSS
An issue in the fetch_step function in Percona Server for MySQL v8.0.28-19 allows attackers to cause a Denial of Service (DoS) via a SQL...
7.5CVSS
7.5AI Score
0.001EPSS
Percona XtraBackup 2.4.20 unintentionally writes the command line to any resulting backup file output. This may include sensitive arguments passed at run time. In addition, when --history is passed at run time, this command line is also written to the PERCONA_SCHEMA.xtrabackup_history table. NOTE:....
6.5CVSS
6.6AI Score
0.001EPSS