How to Change Where Logs are Stored on the Veeam Appliances

Changing Log Location Will Break Automated Log Collection The automated log collection tools built into both the Veeam Backup & Replication Web UI of the Veeam Software Appliance and the "Create support bundle" function within the Host Management Console collect logs only from the default log...

Backup Job to Cloud Provider Fails to Stop Running Health Check Session

Known Issues - Will be resolved in future release. This issue Issue ID: 1151633 has been identified and reviewed by Veeam's R&D team and will be fixed in a future release. This article serves to document the issue and provide information about workarounds. Challenge Observed Behavior If the Healt...

EUVD-2021-24611

Malware in sbrugna...

CVE-2024-30896

InfluxDB OSS 2.x through 2.7.11 stores the administrative operator token under the default organization which allows authorized users with read access to the authorization resource of the default organization to retrieve the operator token. InfluxDB OSS 1.x, Enterprise, Cloud, Cloud Dedicated and...

CVE-2024-30896

InfluxDB OSS 2.x through 2.7.11 stores the administrative operator token under the default organization which allows authorized users with read access to the authorization resource of the default organization to retrieve the operator token. InfluxDB OSS 1.x, Enterprise, Cloud, Cloud Dedicated and...

CVE-2024-30896

InfluxDB OSS 2.x through 2.7.11 stores the administrative operator token under the default organization which allows authorized users with read access to the authorization resource of the default organization to retrieve the operator token. InfluxDB OSS 1.x, Enterprise, Cloud, Cloud Dedicated and...

CVE-2024-30896

CVE-2024-30896 affects InfluxDB OSS 2.x up to 2.7.11, where the administrative operator token is stored under the default organization. This allows authorized users with read access to the default organization’s authorization resource to retrieve the operator token, enabling potential privilege e...

CVE-2024-30896

InfluxDB OSS 2.x through 2.7.11 stores the administrative operator token under the default organization which allows authorized users with read access to the authorization resource of the default organization to retrieve the operator token. InfluxDB OSS 1.x, Enterprise, Cloud, Cloud Dedicated and...

BELL-CVE-2024-49931

Bulletin has no description...

CVE-2024-42473

OpenFGA is an authorization/permission engine. OpenFGA v1.5.7 and v1.5.8 are vulnerable to authorization bypass when calling Check API with a model that uses but not and from expressions and a userset. Users should downgrade to v1.5.6 as soon as possible. This downgrade is backward compatible. As...

CVE-2024-42473 OpenFGA Authorization Bypass

OpenFGA is an authorization/permission engine. OpenFGA v1.5.7 and v1.5.8 are vulnerable to authorization bypass when calling Check API with a model that uses but not and from expressions and a userset. Users should downgrade to v1.5.6 as soon as possible. This downgrade is backward compatible. As...

CAN-2005-1260

The CAN-2005-1260 entry concerns bzip2 up to version 1.0.2 (and earlier). A crafted bzip2 file can trigger an infinite loop during decompression, leading to denial of service by exhausting disk space or CPU time. Several connected advisories confirm impact is via decompression of untrusted archiv...

Stack overflow

TensorFlow is an open source platform for machine learning. Inputs densefeatures or examplestatedata not of rank 2 will trigger a CHECK fail in SdcaOptimizer. We have patched the issue in GitHub commit 80ff197d03db2a70c6a111f97dcdacad1b0babfa. The fix will be included in TensorFlow 2.11. We will...

CVE-2021-38138

OneNav beta 0.9.12 allows XSS via the Add Link feature. NOTE: the vendor's position is that there intentionally is not any XSS protection at present, because the attack risk is largely limited to a compromised account; however, XSS protection is planned for a future release...

Design/Logic Flaw

OneNav beta 0.9.12 allows XSS via the Add Link feature. NOTE: the vendor's position is that there intentionally is not any XSS protection at present, because the attack risk is largely limited to a compromised account; however, XSS protection is planned for a future release...

CVE-2021-38138

OneNav beta 0.9.12 allows XSS via the Add Link feature. NOTE: the vendor's position is that there intentionally is not any XSS protection at present, because the attack risk is largely limited to a compromised account; however, XSS protection is planned for a future release...

Invision Power Top Site List 2.0 Alpha 3 - SQL Injection (PoC)

Invision Power Top Site List 2.0 Alpha 3 - SQL Injection PoC Invision Power Top Site List SQL Injection Vendor: Invision Power Services Product: Invision Power Top Site List Version: = 2.0 Alpha 3 Website: http://www.invisionpower.com/ BID: 9229 Description: Invision Power Top Site List is a...