The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of XtraBackup

vulnerability note CVE-2018-0737

OpenSSL: information disclosure via RSA Constant Time Key Generation

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via the RSA Constant Time Key Generation of OpenSSL, in order to obtain sensitive information.
Impacted products: Debian, Fedora, AIX, BladeCenter, IBM i, Juniper EX-Series, Juniper J-Series, Junos OS, SRX-Series, MariaDB ~ precise, MySQL Community, MySQL Enterprise, Nodejs Core, OpenBSD, OpenSSL, openSUSE Leap, Oracle Communications, Oracle Fusion Middleware, Oracle GlassFish Server, Oracle Identity Management, Solaris, Tuxedo, Oracle Virtual Directory, VirtualBox, WebLogic, Palo Alto Firewall PA***, PAN-OS, Percona Server, XtraBackup, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Synology DS***, Synology RS***, Nessus, Ubuntu, X2GoClient.
Severity: 1/4.
Consequences: data reading.
Provenance: user shell.
Creation date: 17/04/2018.
Identifiers: bulletinjul2018, CERTFR-2018-AVI-511, CERTFR-2018-AVI-607, cpuapr2019, cpujan2019, cpujul2019, cpuoct2018, CVE-2018-0737, DLA-1449-1, DSA-4348-1, DSA-4355-1, FEDORA-2019-00c25b9379, ibm10729805, ibm10743283, ibm10880781, JSA10919, openSUSE-SU-2018:2695-1, openSUSE-SU-2018:2957-1, openSUSE-SU-2018:3015-1, openSUSE-SU-2019:0152-1, openSUSE-SU-2019:1432-1, PAN-SA-2018-0015, RHSA-2018:3221-01, SSA:2018-226-01, SUSE-SU-2018:2486-1, SUSE-SU-2018:2492-1, SUSE-SU-2018:2683-1, SUSE-SU-2018:2928-1, SUSE-SU-2018:2965-1, SUSE-SU-2018:3864-1, SUSE-SU-2018:3864-2, SUSE-SU-2019:0197-1, SUSE-SU-2019:0512-1, SUSE-SU-2019:1553-1, TNS-2018-14, TNS-2018-17, TSB17568, USN-3628-1, USN-3628-2, USN-3692-1, USN-3692-2, VIGILANCE-VUL-25884.


computer vulnerability bulletin 22268

Percona XtraBackup: information disclosure via Ps Command Line

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via the ps command line of Percona XtraBackup, in order to obtain sensitive information.
Impacted products: openSUSE Leap, XtraBackup.
Severity: 1/4.
Consequences: data reading.
Provenance: user shell.
Creation date: 28/03/2017.
Identifiers: openSUSE-SU-2017:0830-1, VIGILANCE-VUL-22268.


computer vulnerability announcement CVE-2016-6225

Percona XtraBackup: information disclosure via Xbcrypt Encryption IV

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via the Xbcrypt encryption IV of Percona XtraBackup, in order to obtain sensitive information.
Impacted products: Fedora, openSUSE Leap, XtraBackup.
Severity: 1/4.
Consequences: data reading.
Provenance: document.
Creation date: 23/01/2017.
Identifiers: CVE-2016-6225, FEDORA-2017-5a823376be, FEDORA-2017-6382ea8d57, openSUSE-SU-2017:0250-1, openSUSE-SU-2017:0251-1, VIGILANCE-VUL-21657.
