3383 matches found
Specific replication command with malformed oplog entries can crash secondaries
An attacker with basic CRUD permissions on a replicated collection can run the applyOps command with specially malformed oplog entries, resulting in a potential denial of service on secondaries. This issue affects MongoDB Server v4.0 versions prior to 4.0.25; MongoDB Server v4.2 versions prior to...
VMware Response to Apache Log4j Remote Code Execution Vulnerabilities (CVE-2021-44228, CVE-2021-45046)
1. Impacted Products VMware Horizon VMware vCenter Server VMware HCX VMware NSX-T Data Center VMware Unified Access Gateway VMware WorkspaceOne Access VMware Identity Manager VMware vRealize Operations VMware vRealize Operations Cloud Cloud Proxy VMware vRealize Automation VMware vRealize...
Features of Veeam Backup & Replication may not function when the Veeam Backup Service is run as a user that is not assigned the "Veeam Backup Administrator" role
Article Applicability: This article is specific to a situation in which the Veeam Backup Service is set with a "Log On As" other than Local System. Challenge: When the Veeam Backup Service is set to use a specific user as the service's "Log On" account, some features may not function correctly if...
How to Add RHEL 8/9 Using NIST 800-171 or DISA STIG Security Profile to Veeam Backup & Replication
Product Enhancement: Starting in Veeam Backup & Replication 12.1.2, both DISA STIG and NIST profiles are now natively supported without any need to perform the manual tasks documented in this article. Purpose: This article documents the additional procedures required to add a Linux machine to Veeam...
Agent for Windows backup session reports success but backup fails
Challenge: In certain rare circumstances, backup jobs for Windows Machines using "Mode: Managed by backup server" may mark a result as Success, although the job fails because of a network interruption. Impacted Configurations: Backup & Replication version 9.5 or 10 Veeam Agent for Microsoft Windo...
Last 24 hours -> Running view lists sessions that are actually in stopped state
Challenge: Under certain circumstances, the Last 24 hours Running view displays "extra" sessions that are actually in a stopped state. An example where 3 tasks are running, but the "Running" view displays completed stopped tasks. Cause: To improve UI responsiveness, some UI data is cached. The issu...
Tobesoft Nexacro Input Validation Error Vulnerability
Tobesoft Nexacro is a unified framework-based OSMU single-source multi-purpose application development solution from Tobesoft, South Korea. Nexacro 17 suffers from a security vulnerability that stems from an arbitrary file creation due to incorrect input validation found in the copy method of the...
Release Information for Veeam Backup & Replication 11a Cumulative Patches
More Recent Version Available: Please find the latest version of Veeam Backup & Replication here: Veeam Downloads - Latest Version. Requirements: Before installing this Cumulative Patch using the Patch Installer, please confirm that you are running Veeam Backup & Replication 11a build 11.0.1.1261 wi...
Apache Ozone has an unspecified vulnerability (CNVD-2021-91626)
Apache Ozone is a scalable, redundant and distributed object store for Hadoop and cloud-native environments. Apache Ozone version 1.2.0 has a security vulnerability that stems from various internal server-to-server RPC endpoints that can be used to connect, and an attacker can...
GHSA-3W5H-X4RH-HC28 Exposure of sensitive information in Apache Ozone
In Apache Ozone versions prior to 1.2.0, various internal server-to-server RPC endpoints are available for connections, making it possible for an attacker to download raw data from Datanode and Ozone manager and modify Ratis replication configuration...
Exposure of sensitive information in Apache Ozone
In Apache Ozone versions prior to 1.2.0, various internal server-to-server RPC endpoints are available for connections, making it possible for an attacker to download raw data from Datanode and Ozone manager and modify Ratis replication configuration...
Information Disclosure
hadoop-hdds-container-service is vulnerable to information disclosure. An attacker can modify Ratis replication configuration through the server-to-server RPC endpoint by downloading the raw data from the data node and Ozone manager...
Release Information for Dell PowerStore Plug-In for Veeam Backup & Replication
This plug-in leverages the Veeam Universal Storage API, which enables storage OEMs to allow Veeam Backup & Replication integration to the arrays for backup and replication jobs. Requirements: Before installing Dell PowerStore Plug-In v2.1.9, ensure that you are running Veeam Backup & Replication...
CVE-2021-39231
In Apache Ozone versions prior to 1.2.0, various internal server-to-server RPC endpoints are available for connections, making it possible for an attacker to download raw data from Datanode and Ozone manager and modify Ratis replication configuration...
Design/Logic Flaw
In Apache Ozone versions prior to 1.2.0, various internal server-to-server RPC endpoints are available for connections, making it possible for an attacker to download raw data from Datanode and Ozone manager and modify Ratis replication configuration...
CVE-2021-39231 Missing authentication/authorization on internal RPC endpoints
In Apache Ozone versions prior to 1.2.0, various internal server-to-server RPC endpoints are available for connections, making it possible for an attacker to download raw data from Datanode and Ozone manager and modify Ratis replication configuration...
Apache Ozone Security Vulnerability
Apache Ozone is a scalable, redundant and distributed object store for Hadoop and cloud-native environments. Apache Ozone version 1.2.0 has a security vulnerability that stems from various internal server-to-server RPC endpoints that can be used to connect, and an attacker can...
PT-2021-22481 · Apache · Apache Ozone
Name of the Vulnerable Software and Affected Versions: Apache Ozone versions prior to 1.2.0 Description: The issue allows an attacker to access internal server-to-server RPC endpoints, enabling them to download raw data from Datanode and Ozone manager, and modify Ratis replication configuration...
Design/Logic Flaw
DISPUTED Styra Open Policy Agent OPA Gatekeeper through 3.7.0 mishandles concurrency, sometimes resulting in incorrect access control. The data replication mechanism allows policies to access the Kubernetes cluster state. During data replication, OPA/Gatekeeper does not wait for the replication t...