161 matches found
CVE-2021-27928
A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18, and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep patch through 2021-03-03 for MySQL. An untrusted search path leads to eval injection, in which a database...
CVE-2021-27928
Disclaimer: This data contains information about vulnerable...
CVE-2021-27928
A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18, and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep patch through 2021-03-03 for MySQL. An untrusted search path leads to eval injection, in which a database...
CVE-2021-27928
A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18, and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep patch through 2021-03-03 for MySQL. An untrusted search path leads to eval injection, in which a database...
CVE-2021-27928
MariaDB and Percona Server are affected by CVE-2021-27928: an untrusted search path enables eval injection, allowing a database SUPER user to execute OS commands after altering wsrep_provider and wsrep_notify_cmd. Affected versions: MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10...
CVE-2020-26542
An issue was discovered in the MongoDB Simple LDAP plugin through 2020-10-02 for Percona Server when using the SimpleLDAP authentication in conjunction with Microsoft’s Active Directory, Percona has discovered a flaw that would allow authentication to complete when passing a blank value for the...
CVE-2020-26542
An issue was discovered in the MongoDB Simple LDAP plugin through 2020-10-02 for Percona Server when using the SimpleLDAP authentication in conjunction with Microsoft’s Active Directory, Percona has discovered a flaw that would allow authentication to complete when passing a blank value for the...
Authentication flaw
An issue was discovered in the MongoDB Simple LDAP plugin through 2020-10-02 for Percona Server when using the SimpleLDAP authentication in conjunction with Microsoft’s Active Directory, Percona has discovered a flaw that would allow authentication to complete when passing a blank value for the...
CVE-2020-26542
The CVE-2020-26542 issue affects the MongoDB Simple LDAP plugin used with Percona Server (through 2020-10-02). When using SimpleLDAP with Active Directory, authentication can succeed with a blank password, granting access at the privileges of the authenticating account. The NVD notes a high impac...
CVE-2020-26542
An issue was discovered in the MongoDB Simple LDAP plugin through 2020-10-02 for Percona Server when using the SimpleLDAP authentication in conjunction with Microsoft’s Active Directory, Percona has discovered a flaw that would allow authentication to complete when passing a blank value for the...
Percona Server Authorization Issues Vulnerability
Percona Server is an open source relational database management system . An authorization issue vulnerability exists in Percona Server version 5.6.44-85.0-1 Debian and Ubuntu. The vulnerability stems from a lack of authentication measures or insufficient authentication strength in a networked...
CVE-2019-12301
The Percona Server 5.6.44-85.0-1 packages for Debian and Ubuntu suffered an issue where the server would reset the root password to a blank value upon an upgrade. This was fixed in 5.6.44-85.0-2...
CVE-2019-12301
The Percona Server 5.6.44-85.0-1 packages for Debian and Ubuntu suffered an issue where the server would reset the root password to a blank value upon an upgrade. This was fixed in 5.6.44-85.0-2...
CVE-2019-12301
The Percona Server 5.6.44-85.0-1 packages for Debian and Ubuntu suffered an issue where the server would reset the root password to a blank value upon an upgrade. This was fixed in 5.6.44-85.0-2...
Default credentials
The Percona Server 5.6.44-85.0-1 packages for Debian and Ubuntu suffered an issue where the server would reset the root password to a blank value upon an upgrade. This was fixed in 5.6.44-85.0-2...
CVE-2019-12301
The Percona Server 5.6.44-85.0-1 packages for Debian and Ubuntu suffered an issue where the server would reset the root password to a blank value upon an upgrade. This was fixed in 5.6.44-85.0-2...
CVE-2019-12301
Percona Server 5.6.44-85.0-1 packages for Debian/Ubuntu had a password-reset issue where upgrading reset the root password to blank. This is confirmed by multiple sources (NVD, Red Hat CVE entry, Ubuntu security page). Root credentials could be effectively compromised during upgrades if exploited...
Privilege Escalation
Oracle MySQL, MariaDB, Percona Server and Percona XtraDB Cluster are vulnerable to privilege escalation. A locally authenticated attacker may use race condition while setting stats during MyISAM table repair to obtain elevated privileges...
Privilege Escalation
mysql is vulnerable to privilege escalation attacks. The vulnerability exists as a race condition in Oracle MySQL before 5.5.52, 5.6.x before 5.6.33, 5.7.x before 5.7.15, and 8.x before 8.0.1; MariaDB before 5.5.52, 10.0.x before 10.0.28, and 10.1.x before 10.1.18; Percona Server before...
Arbitrary Code Execution
mariadb-galera is vulnerable to arbitrary code execution attacks. The vulnerability exists as Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x before...