CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-25834 – Ubuntu Security Notice USN-6745-1
https://notcve.org/view.php?id=CVE-2022-25834
07 Jun 2023 — In Percona XtraBackup (PXB) through 2.2.24 and 3.x through 8.0.27-19, a crafted filename on the local file system could trigger unexpected command shell execution of arbitrary commands. Multiple vulnerabilities have been discovered in Percona XtraBackup, the worst of which could lead to arbitrary code execution. Versions greater than or equal to 8.0.29.22 are affected. • https://docs.percona.com/percona-xtrabackup/8.0/release-notes/8.0/8.0.32-26.0.html#improvements • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-10997
https://notcve.org/view.php?id=CVE-2020-10997
27 Apr 2020 — Percona XtraBackup before 2.4.20 unintentionally writes the command line to any resulting backup file output. This may include sensitive arguments passed at run time. In addition, when --history is passed at run time, this command line is also written to the PERCONA_SCHEMA.xtrabackup_history table. Percona XtraBackup versiones anteriores a la versión 2.4.20, escribe involuntariamente en la línea de comandos en cualquier salida de archivo de copia de seguridad resultante. Esto puede incluir argumentos confid... • https://jira.percona.com/browse/PXB-2142 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •