CVE-2021-40386

Kaseya Unitrends Client/Agent through 10.5,5 allows remote attackers to execute arbitrary code...

Kaseya Unitrends Client/Agent 安全漏洞

Kaseya Unitrends Client/Agent is a cloud-based enterprise backup and disaster recovery technology from Kaseya Corporation, USA. A security vulnerability exists in Kaseya Unitrends Client/Agent version 10.5.5 and prior versions. An attacker can exploit this vulnerability to execute arbitrary code...

CVE-2021-43033

An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. Multiple functions in the bpserverd daemon were vulnerable to arbitrary remote code execution as root. The vulnerability was caused by untrusted input received by the server being passed to system calls...

CVE-2021-43041

An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. A crafted HTTP request could induce a format string vulnerability in the privileged vaultServer application...

CVE-2021-43036

An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The password for the PostgreSQL wguest account is weak...

CVE-2021-43043

An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The apache user could read arbitrary files such as /etc/shadow by abusing an insecure Sudo rule...

Unitrends Backup 安全漏洞

Unitrends Backup UB is a suite of data protection software from Unitrends, Inc. that provides data backup, data recovery and deduplication functions.A security vulnerability exists in the Kaseya Unitrends Backup Appliance, which could be exploited by an attacker to log into the target system...

PT-2021-23728 · Kaseya · Kaseya Unitrends Backup Appliance

Name of the Vulnerable Software and Affected Versions: Kaseya Unitrends Backup Appliance versions prior to 10.5.5 Description: An issue was discovered in the Samba file sharing service, allowing anonymous read/write access. Recommendations: For versions prior to 10.5.5, update to version 10.5.5 o...

PT-2021-23724 · Kaseya · Kaseya Unitrends Backup Appliance

Name of the Vulnerable Software and Affected Versions: Kaseya Unitrends Backup Appliance versions prior to 10.5.5 Description: An issue was discovered in the software, involving two unauthenticated SQL injection vulnerabilities. These vulnerabilities allow arbitrary SQL queries to be injected and...

PT-2021-23723 · Kaseya · Kaseya Unitrends Backup Appliance

Name of the Vulnerable Software and Affected Versions: Kaseya Unitrends Backup Appliance versions prior to 10.5.5 Description: An issue was discovered in the Kaseya Unitrends Backup Appliance, where a world writable file allowed local users to execute arbitrary code as the user apache, leading to...

PT-2021-23727 · Kaseya · Kaseya Unitrends Backup Appliance

Name of the Vulnerable Software and Affected Versions: Kaseya Unitrends Backup Appliance versions prior to 10.5.5 Description: An issue was discovered in the Kaseya Unitrends Backup Appliance where the wguest account could execute commands by injecting into PostgreSQL trigger functions, allowing...

PT-2021-23722 · Kaseya · Kaseya Unitrends Backup Appliance

Name of the Vulnerable Software and Affected Versions: Kaseya Unitrends Backup Appliance versions prior to 10.5.5 Description: An issue was discovered in the Kaseya Unitrends Backup Appliance, where multiple functions in the bpserverd daemon were vulnerable to arbitrary remote code execution as...

PT-2021-23731 · Kaseya · Kaseya Unitrends Backup Appliance

Name of the Vulnerable Software and Affected Versions: Kaseya Unitrends Backup Appliance versions prior to 10.5.5 Description: A buffer overflow issue existed in the vaultServer component, which was exploitable by a remote unauthenticated attacker. Recommendations: For versions prior to 10.5.5,...