Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
percona xtrabackup vulnerabilities and exploits
(subscribe to this query)
7.8
CVSSv3
CVE-2022-25834
In Percona XtraBackup (PXB) up to and including 2.2.24 and 3.x up to and including 8.0.27-19, a crafted filename on the local file system could trigger unexpected command shell execution of arbitrary commands.
Percona Xtrabackup
5.3
CVSSv3
CVE-2022-45866
qpress before PierreLvx/qpress 20220819 and before version 11.3, as used in Percona XtraBackup and other products, allows directory traversal via ../ in a .qp file.
Qpress Project Qpress
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Fedoraproject Fedora 37
6.5
CVSSv3
CVE-2022-26944
Percona XtraBackup 2.4.20 unintentionally writes the command line to any resulting backup file output. This may include sensitive arguments passed at run time. In addition, when --history is passed at run time, this command line is also written to the PERCONA_SCHEMA.xtrabackup_hi...
Percona Xtrabackup 2.4.20
6.5
CVSSv3
CVE-2020-10997
Percona XtraBackup prior to 2.4.20 unintentionally writes the command line to any resulting backup file output. This may include sensitive arguments passed at run time. In addition, when --history is passed at run time, this command line is also written to the PERCONA_SCHEMA.xtra...
Percona Xtrabackup
5.9
CVSSv3
CVE-2015-1027
The version checking subroutine in percona-toolkit prior to 2.2.13 and xtrabackup prior to 2.2.9 was vulnerable to silent HTTP downgrade attacks and Man In The Middle attacks in which the server response could be modified to allow the malicious user to respond with modified comma...
Percona Xtrabackup
Percona Toolkit
5.9
CVSSv3
CVE-2016-6225
xbcrypt in Percona XtraBackup prior to 2.3.6 and 2.4.x prior to 2.4.5 does not properly set the initialization vector (IV) for encryption, which makes it easier for context-dependent malicious users to obtain sensitive information from encrypted backup files via a Chosen-Plaintex...
Percona Xtrabackup
Percona Xtrabackup 2.4.1
Percona Xtrabackup 2.4.0
Percona Xtrabackup 2.4.3
Percona Xtrabackup 2.4.2
Percona Xtrabackup 2.4.4
Opensuse Leap 42.2
Opensuse Leap 42.1
Fedoraproject Fedora 25
Fedoraproject Fedora 24
NA
CVE-2013-6394
Percona XtraBackup prior to 2.1.6 uses a constant string for the initialization vector (IV), which makes it easier for local users to defeat cryptographic protection mechanisms and conduct plaintext attacks.
Percona Xtrabackup 2.1.1
Percona Xtrabackup 2.1.0
Percona Xtrabackup
Percona Xtrabackup 2.1.4
Percona Xtrabackup 2.1.3
Percona Xtrabackup 2.1.2
Opensuse Opensuse 13.1
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started