Percona XtraDB Cluster 5.6.37-26.21 V3

CPE Details

Percona XtraDB Cluster 5.6.37-26.21 V3
percona
xtradb_cluster
5.6.37-26.21
2019-03-04
14h50 +00:00
2019-03-04
14h50 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:percona:xtradb_cluster:5.6.37-26.21:v3:*:*:*:*:*:*

Informations

Vendor

percona

Product

xtradb_cluster

Version

5.6.37-26.21

Update

v3

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2020-15180 2021-05-27 17h45 +00:00 A flaw was found in the mysql-wsrep component of mariadb. Lack of input sanitization in `wsrep_sst_method` allows for command injection that can be exploited by a remote attacker to execute arbitrary commands on galera cluster nodes. This threatens the system's confidentiality, integrity, and availability. This flaw affects mariadb versions before 10.1.47, before 10.2.34, before 10.3.25, before 10.4.15 and before 10.5.6.
9
Critical
CVE-2020-10996 2020-04-27 10h45 +00:00 An issue was discovered in Percona XtraDB Cluster before 5.7.28-31.41.2. A bundled script inadvertently sets a static transition_key for SST processes in place of the random key expected.
8.1
High
CVE-2017-15365 2018-01-25 15h00 +00:00 sql/event_data_objects.cc in MariaDB before 10.1.30 and 10.2.x before 10.2.10 and Percona XtraDB Cluster before 5.6.37-26.21-3 and 5.7.x before 5.7.19-29.22-3 allows remote authenticated users with SQL access to bypass intended access restrictions and replicate data definition language (DDL) statements to cluster nodes by leveraging incorrect ordering of DDL replication and ACL checking.
8.8
High
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.