CVSS: 7.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

07 Jun 2023 — In Percona XtraBackup (PXB) through 2.2.24 and 3.x through 8.0.27-19, a crafted filename on the local file system could trigger unexpected command shell execution of arbitrary commands. Multiple vulnerabilities have been discovered in Percona XtraBackup, the worst of which could lead to arbitrary code execution. Versions greater than or equal to 8.0.29.22 are affected. • https://docs.percona.com/percona-xtrabackup/8.0/release-notes/8.0/8.0.32-26.0.html#improvements • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

CVSS: 5.9 • EPSS: 0% • CPEs: 2 • EXPL: 1

28 Sep 2017 — The version-checking subroutine in percona-toolkit before 2.2.13 and xtrabackup before 2.2.9 was vulnerable to silent HTTP downgrade attacks and man-in-the-middle attacks in which the server response could be modified, allowing the attacker to respond with a modified command payload and have the client return additional running configuration information, leading to an information disclosure of the running configuration of MySQL. • https://bugs.launchpad.net/percona-toolkit/+bug/1408375 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 5.9 • EPSS: 0% • CPEs: 10 • EXPL: 0

23 Mar 2017 — xbcrypt in Percona XtraBackup before 2.3.6 and 2.4.x before 2.4.5 does not properly set the initialization vector (IV) for encryption, which makes it easier for context-dependent attackers to obtain sensitive information from encrypted backup files via a Chosen-Plaintext attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-6394. • http://lists.opensuse.org/opensuse-updates/2017-01/msg00125.html • CWE-326: Inadequate Encryption Strength

CVSS: 5.5 • EPSS: 0% • CPEs: 9 • EXPL: 0

13 Dec 2013 — Percona XtraBackup before 2.1.6 uses a constant string for the initialization vector (IV), which makes it easier for local users to defeat cryptographic protection mechanisms and conduct plaintext attacks. • http://lists.opensuse.org/opensuse-updates/2013-12/msg00052.html • CWE-310: Cryptographic Issues