CVE-2024-42453

A vulnerability Veeam Backup & Replication allows low-privileged users to control and modify configurations on connected virtual infrastructure hosts. This includes the ability to power off virtual machines, delete files in storage, and make configuration changes, potentially leading to Denial of...

CVE-2024-42455

A vulnerability in Veeam Backup & Replication allows a low-privileged user to connect to remoting services and exploit insecure deserialization by sending a serialized temporary file collection. This exploit allows the attacker to delete any file on the system with service account privileges. The...

CVE-2024-40713

A vulnerability that allows a user who has been assigned a low-privileged role within Veeam Backup & Replication to alter Multi-Factor Authentication MFA settings and bypass MFA...

CVE-2024-40717

A vulnerability in Veeam Backup & Replication allows a low-privileged user with certain roles to perform remote code execution RCE by updating existing jobs. These jobs can be configured to run pre- and post-scripts, which can be located on a network share and are executed with elevated privilege...

CVE-2024-40710

A series of related high-severity vulnerabilities, the most notable enabling remote code execution RCE as the service account and extraction of sensitive information savedcredentials and passwords. Exploiting these vulnerabilities requires a user who has been assigned a low-privileged role within...

CVE-2025-24371

CometBFT is a distributed, Byzantine fault-tolerant, deterministic state machine replication engine. In the blocksync protocol peers send their base and latest heights when they connect to a new node A, which is syncing to the tip of a network. base acts as a lower ground and informs A that the...

[SECURITY] Fedora 40 Update: redict-7.3.2-1.fc40

Redict is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing s...

[SECURITY] Fedora 40 Update: valkey-8.0.2-1.fc40

Valkey is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing s...

[SECURITY] Fedora 41 Update: redict-7.3.2-1.fc41

Redict is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing s...

Important: Red Hat Security Advisory: VolSync 0.10.2 for RHEL 9

VolSync v0.10.2 general availability release images, which provide enhancements, security fixes, and updated container images. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...

Important: Red Hat Security Advisory: VolSync 0.11.1 for RHEL 9

VolSync v0.11.1 general availability release images, which provide enhancements, security fixes, and updated container images. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...

[SECURITY] Fedora 40 Update: redis-7.2.7-1.fc40

Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing se...

[SECURITY] Fedora 41 Update: valkey-8.0.2-1.fc41

Valkey is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing s...

Cleartext Transmission Of Sensitive Information

Keycloak is vulnerable to plain text replication. The vulnerability is due to the environment option KCCACHEEMBEDDEDMTLSENABLED not functioning as intended, resulting in JGroups replication configuration always using plain text, which allows attackers on adjacent networks to intercept and read...

Keycloak 25.0.x < 26.0.6 Information Disclosure (GHSA-6mpx-pmgp-ww49)

Keycloak versions installed prior to 26.0.6 are affected by an information disclosure vulnerability as referenced in the advisory. - A vulnerability was found in Keycloak. The environment option KCCACHEEMBEDDEDMTLSENABLED does not work and the JGroups replication configuration is always used in...

Vulnerability of Veeam Backup & Replication virtual and physical systems, due to authentication procedures that lack sufficient protection. This allows attackers to alter multi-factor authentication parameters and circumvent existing security restrictions.

The vulnerability of virtual and physical systems managed by Veeam Backup & Replication is related to deficiencies in authentication procedures. Exploiting this vulnerability could allow attackers to alter the parameters of Multi-Factor Authentication MFA and circumvent existing security...

The vulnerability of Veeam Backup & Replication’s virtual and physical systems arises from the limited ability to restrict the path name to the restricted access directory. This allows attackers to compromise the integrity and accessibility of the protected information.

The vulnerability of Veeam Backup & Replication virtual and physical systems is related to the limited ability to access the directory. Exploiting this vulnerability can allow a malicious actor to influence the integrity and accessibility of the protected information...

The vulnerability in virtual and physical systems of Veeam Backup & Replication lies in the insufficient protection of registration data, allowing attackers to execute arbitrary codes.

The vulnerability of virtual and physical systems managed by Veeam Backup & Replication is related to insufficient protection of registration data. Exploiting these vulnerabilities could allow a malicious actor, operating remotely, to execute arbitrary code...

CVE-2024-10973 Keycloak: cli option for encrypted jgroups ignored

A vulnerability was found in Keycloak. The environment option KCCACHEEMBEDDEDMTLSENABLED does not work and the JGroups replication configuration is always used in plain text which can allow an attacker that has access to adjacent networks related to JGroups to read sensitive information...

CVE-2024-10973

Keycloak vulnerability CVE-2024-10973: the KC_CACHE_EMBEDDED_MTLS_ENABLED environment option does not work and JGroups replication is used in plain text, allowing an attacker on adjacent networks to read sensitive information. The issue affects Keycloak deployments relying on this configuration; ...