Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Percona Subscribe
Filtered by product Xtradb Cluster
Total 5 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-6664 3 Mariadb, Oracle, Percona 4 Mariadb, Mysql, Percona Server and 1 more 2023-01-24 6.9 MEDIUM 7.0 HIGH
mysqld_safe in Oracle MySQL through 5.5.51, 5.6.x through 5.6.32, and 5.7.x through 5.7.14; MariaDB; Percona Server before 5.5.51-38.2, 5.6.x before 5.6.32-78-1, and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0, 5.6.x before 5.6.32-25.17, and 5.7.x before 5.7.14-26.17, when using file-based logging, allows local users with access to the mysql account to gain root privileges via a symlink attack on error logs and possibly other files.
CVE-2020-15180 4 Debian, Galeracluster, Mariadb and 1 more 4 Debian Linux, Galera Cluster For Mysql, Mariadb and 1 more 2022-08-05 6.8 MEDIUM 9.0 CRITICAL
A flaw was found in the mysql-wsrep component of mariadb. Lack of input sanitization in `wsrep_sst_method` allows for command injection that can be exploited by a remote attacker to execute arbitrary commands on galera cluster nodes. This threatens the system's confidentiality, integrity, and availability. This flaw affects mariadb versions before 10.1.47, before 10.2.34, before 10.3.25, before 10.4.15 and before 10.5.6.
CVE-2020-10996 1 Percona 1 Xtradb Cluster 2022-04-26 6.8 MEDIUM 8.1 HIGH
An issue was discovered in Percona XtraDB Cluster before 5.7.28-31.41.2. A bundled script inadvertently sets a static transition_key for SST processes in place of the random key expected.
CVE-2017-15365 3 Fedoraproject, Mariadb, Percona 3 Fedora, Mariadb, Xtradb Cluster 2019-10-02 6.5 MEDIUM 8.8 HIGH
sql/event_data_objects.cc in MariaDB before 10.1.30 and 10.2.x before 10.2.10 and Percona XtraDB Cluster before 5.6.37-26.21-3 and 5.7.x before 5.7.19-29.22-3 allows remote authenticated users with SQL access to bypass intended access restrictions and replicate data definition language (DDL) statements to cluster nodes by leveraging incorrect ordering of DDL replication and ACL checking.
CVE-2016-6663 3 Mariadb, Oracle, Percona 4 Mariadb, Mysql, Percona Server and 1 more 2019-03-05 4.4 MEDIUM 7.0 HIGH
Race condition in Oracle MySQL before 5.5.52, 5.6.x before 5.6.33, 5.7.x before 5.7.15, and 8.x before 8.0.1; MariaDB before 5.5.52, 10.0.x before 10.0.28, and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2, 5.6.x before 5.6.32-78-1, and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0, 5.6.x before 5.6.32-25.17, and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.