Search Results (Refine Search)
- CPE Product Version: cpe:/a:percona:percona_server:5.1.53
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2021-27928 |
A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18, and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep patch through 2021-03-03 for MySQL. An untrusted search path leads to eval injection, in which a database SUPER user can execute OS commands after modifying wsrep_provider and wsrep_notify_cmd. NOTE: this does not affect an Oracle product. Published: March 18, 2021; 11:15:12 PM -0400 |
V3.1: 7.2 HIGH V2.0: 9.0 HIGH |
CVE-2020-26542 |
An issue was discovered in the MongoDB Simple LDAP plugin through 2020-10-02 for Percona Server when using the SimpleLDAP authentication in conjunction with Microsoft’s Active Directory, Percona has discovered a flaw that would allow authentication to complete when passing a blank value for the account password, leading to access against the service integrated with which Active Directory is deployed at the level granted to the authenticating account. Published: November 09, 2020; 3:15:13 PM -0500 |
V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |