17 matches found
EUVD-2026-18364
An issue was discovered in Percona PMM before 3.7. Because an internal database user retains specific superuser privileges, an attacker with pmm-admin rights can abuse the "Add data source" feature to break out of the database context and execute shell commands on the underlying operating system...
CVE-2020-7920
pmm-server in Percona Monitoring and Management PMM 2.2.x before 2.2.1 allows unauthenticated denial of service...
EUVD-2020-28851
Malware in sbrugna...
EUVD-2023-38487
Malicious code in bioql PyPI...
CVE-2023-34409
In Percona Monitoring and Management PMM server 2.x before 2.37.1, the authenticate function in authserver.go does not properly formalize and sanitize URL paths to reject path traversal attempts. This allows an unauthenticated remote user, when a crafted POST request is made against unauthenticat...
CVE-2023-34409
In Percona Monitoring and Management PMM server 2.x before 2.37.1, the authenticate function in authserver.go does not properly formalize and sanitize URL paths to reject path traversal attempts. This allows an unauthenticated remote user, when a crafted POST request is made against unauthenticat...
Path traversal
In Percona Monitoring and Management PMM server 2.x before 2.37.1, the authenticate function in authserver.go does not properly formalize and sanitize URL paths to reject path traversal attempts. This allows an unauthenticated remote user, when a crafted POST request is made against unauthenticat...
CVE-2023-34409
In Percona Monitoring and Management PMM server 2.x before 2.37.1, the authenticate function in authserver.go does not properly formalize and sanitize URL paths to reject path traversal attempts. This allows an unauthenticated remote user, when a crafted POST request is made against unauthenticat...
PT-2023-24861 · Percona · Percona Monitoring/Management
Name of the Vulnerable Software and Affected Versions: Percona Monitoring and Management PMM server versions 2.x through 2.37.0 Description: The issue arises from the authenticate function in auth server.go not properly formalizing and sanitizing URL paths, which fails to reject path traversal...
CVE-2023-34409
Summary: CVE-2023-34409 affects Percona Monitoring and Management (PMM) server 2.x up to 2.37.1. The vulnerability stems from the authenticate function in auth_server.go, which does not properly formalize or sanitize URL paths to reject path traversal. This allows an unauthenticated remote user t...
Percona Monitoring and Management Path Traversal Vulnerability
Percona Monitoring and Management is an open-source database monitoring solution from Percona, USA. A security vulnerability exists in Percona Monitoring and Management server version 2.x prior to 2.37.1, which stems from the authentication function in authserver.go that does not properly formali...
CVE-2023-34409
In Percona Monitoring and Management PMM server 2.x before 2.37.1, the authenticate function in authserver.go does not properly formalize and sanitize URL paths to reject path traversal attempts. This allows an unauthenticated remote user, when a crafted POST request is made against unauthenticat...
CVE-2020-7920
pmm-server in Percona Monitoring and Management PMM 2.2.x before 2.2.1 allows unauthenticated denial of service...
CVE-2020-7920
pmm-server in Percona Monitoring and Management PMM 2.2.x before 2.2.1 allows unauthenticated denial of service...
Denial of service
pmm-server in Percona Monitoring and Management PMM 2.2.x before 2.2.1 allows unauthenticated denial of service...
CVE-2020-7920
pmm-server in Percona Monitoring and Management PMM 2.2.x before 2.2.1 allows unauthenticated denial of service...
CVE-2020-7920
PMM PMM-Server 2.2.x before 2.2.1 is affected by CVE-2020-7920, which allows unauthenticated denial of service. The vulnerability affects the pmm-server component within Percona Monitoring and Management; no root-cause details are provided in the sources beyond the generic DoS description. Remedi...