6 matches found
CVE-2016-6225
CVE-2016-6225 affects Percona XtraBackup’s xbcrypt: versions prior to 2.3.6 (and 2.4.x prior to 2.4.5) fail to properly set the initialization vector (IV) for encryption, enabling context-dependent attackers to potentially obtain sensitive data from encrypted backups via a Chosen-Plaintext attack...
CVE-2022-26944
Percona XtraBackup 2.4.20 is affected by CVE-2022-26944 and CVE-2020-10997 due to an information exposure: the command line and runtime arguments are written to backup outputs and, when --history is used, to the PERCONA_SCHEMA.xtrabackup_history table. The issue stems from an incomplete fix for C...
CVE-2015-1027
CVE-2015-1027 affects the version-checking subroutine in percona-toolkit < 2.2.13 and xtrabackup = 2.2.13 and xtrabackup >= 2.2.9), and apply vendor-specific updates as available.
CVE-2022-25834
Percona XtraBackup (PXB) versions up to 2.2.24 and 3.x up to 8.0.27-19 are affected by CVE-2022-25834. A crafted local filename could trigger arbitrary command shell execution. Reported impact is high (local access required, arbitrary code execution). Remediation: upgrade to Percona XtraBackup 8....
CVE-2013-6394
Percona XtraBackup had an IV handling flaw (constant IV) up to 2.1.6, enabling plaintext-attacks against encrypted backups. The issue is acknowledged as a result of an incomplete fix; later advisories indicate that xbcrypt in 2.3.6 and 2.4.x before 2.4.5 does not properly set the IV, implying an ...
CVE-2020-10997
Percona XtraBackup before 2.4.20 exposes sensitive runtime command-line arguments: the backup file output may contain the command line, and the run-time command is also written to PERCONA_SCHEMA.xtrabackup_history when --history is used. This information exposure is the CVE-2020-10997 issue. Publ...