Percona Xtradb Cluster vulnerabilities
5 known vulnerabilities affecting percona/xtradb_cluster.
Total CVEs: 5
CISA KEV: 0
Public exploits: 2
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 4
Vulnerabilities
CVE-2020-15180 | CRITICAL | CVSS 9.0 | CWE-20 | fixed in 5.6.49-28.42.2 | ≥ 5.7, < 5.7.31-31.45.2 | +1 more | 2021-05-27
A flaw was found in the mysql-wsrep component of mariadb. Lack of input sanitization in `wsrep_sst_method` allows for command injection that can be exploited by a remote attacker to execute arbitrary commands on galera cluster nodes. This threatens the system's confidentiality, integrity, and availability. This flaw affects mariadb versions before
nvd
CVE-2020-10996 | HIGH | CVSS 8.1 | CWE-798 | fixed in 5.7.28-31.41.2 | 2020-04-27
An issue was discovered in Percona XtraDB Cluster before 5.7.28-31.41.2. A bundled script inadvertently sets a static transition_key for SST processes in place of the random key expected.
nvd
CVE-2017-15365 | HIGH | CVSS 8.8 | fixed in 5.6.37-26.21-3 | ≥ 5.7.0, < 5.7.19-29.22-3 | 2018-01-25
sql/event_data_objects.cc in MariaDB before 10.1.30 and 10.2.x before 10.2.10 and Percona XtraDB Cluster before 5.6.37-26.21-3 and 5.7.x before 5.7.19-29.22-3 allows remote authenticated users with SQL access to bypass intended access restrictions and replicate data definition language (DDL) statements to cluster nodes by leveraging incorrect ordering of DDL
nvd
CVE-2016-6664 | HIGH | CVSS 7.0 | CWE-59 | PoC | ≥ 5.5, < 5.5.41-37.0 | ≥ 5.6, < 5.6.32-25.17 | +1 more | 2016-12-13
mysqld_safe in Oracle MySQL through 5.5.51, 5.6.x through 5.6.32, and 5.7.x through 5.7.14; MariaDB; Percona Server before 5.5.51-38.2, 5.6.x before 5.6.32-78-1, and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0, 5.6.x before 5.6.32-25.17, and 5.7.x before 5.7.14-26.17, when using file-based logging, allows local users with access
nvd
CVE-2016-6663 | HIGH | CVSS 7.0 | CWE-362 | PoC | ≥ 5.5, < 5.5.41-37.0 | ≥ 5.6, < 5.6.32-25.17 | +1 more | 2016-12-13
Race condition in Oracle MySQL before 5.5.52, 5.6.x before 5.6.33, 5.7.x before 5.7.15, and 8.x before 8.0.1; MariaDB before 5.5.52, 10.0.x before 10.0.28, and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2, 5.6.x before 5.6.32-78-1, and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0, 5.6.x before 5.6.32-25.17, and 5.7.x
nvd