CISA Warns of Active Exploitation in SolarWinds Help Desk Software Vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a critical security flaw impacting SolarWinds Web Help Desk (WHD) software to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. Tracked as CVE-2024-28987 (CVSS score: 9.1), the...
Hardcoded Credential Vulnerability Found in SolarWinds Web Help Desk
SolarWinds has issued patches to address a new security flaw in its Web Help Desk (WHD) software that could allow remote unauthenticated users to gain unauthorized access to susceptible instances. "The SolarWinds Web Help Desk (WHD) software is affected by a hardcoded credential vulnerability, allowi...
Security Bulletin: Common Vulnerabilities in Cloudera Data Platform Private Cloud Base 7.1.9.
Summary Common vulnerabilities reported in Cloudera Data Platform Private Cloud Base 7.1.9 have been addressed, and are available in Hotfix 2. Vulnerability Details CVEID:CVE-2015-1772 DESCRIPTION: Apache Hive could allow a remote attacker to bypass security restrictions, caused by an error in th...
Virtuozzo Hybrid Server 7.5 Update 5 Hotfix 2 (7.5.5-291)
The Hotfix 2 for Virtuozzo Hybrid Server 7.5 Update 5 provides stability and usability bug fixes. Vulnerability id: PSBM-149314 When running the ‘vzpkg install template’ command, the system could install the log4j.jar file and treat its content as a security risk. Vulnerability id: PSBM-150027 So...
CVE-2023-40021
Oppia is an online learning platform. When comparing a received CSRF token against the expected token, Oppia uses the string equality operator ==, which is not safe against timing attacks. By repeatedly submitting invalid tokens, an attacker can brute-force the expected CSRF token character by...
Virtuozzo Hybrid Server 7.5 Update 3 Hotfix 2 (7.5.3-407)
The Hotfix 2 for Virtuozzo Hybrid Server 7.5 Update 3 provides new features as well as stability and usability bug fixes. Vulnerability id: PSBM-140018 Unable to set an IP address to containers based on the vzlinux-stream-9-x86_64 and centos-stream-9-x86_64 templates. Vulnerability id: PSBM-140305...
Virtuozzo Hybrid Infrastructure 4.6 Hotfix 2 (4.6.0-213)
This update provides stability fixes for the storage, Backup Gateway and object storage services. Vulnerability id: VSTOR-44694 A stability fix for the storage service. Vulnerability id: VSTOR-44859 A stability fix for the Backup Gateway service. Vulnerability id: VSTOR-44677 Complete multipart...
Product update: Virtuozzo Hybrid Server 7.0 Update 14 Hotfix 2 (7.0.14-258)
The Hotfix 2 for Virtuozzo Hybrid Server 7.0 Update 14 provides security, stability, and usability bug fixes. Vulnerability id: PSBM-106197, CVE-2019-20839, CVE-2019-20840, CVE-2020-14396, CVE-2020-14397, CVE-2020-14398, CVE-2020-14399, CVE-2020-14400, CVE-2020-14401, CVE-2020-14402,...
Product release: Virtuozzo Infrastructure Platform 3.5 Update 2 Hotfix 2 (3.5.2-39)
This update provides a stability fix for the metadata service. Vulnerability id: VSTOR-32856 Unreadable files may be created when using erasure coding during the upgrade from version 3.0 to 3.5...
Product update: Virtuozzo 7.0 Update 13 Hotfix 2 (7.0.13-305)
The Hotfix 2 for Virtuozzo 7.0 Update 13 provides stability and usability bug fixes. Vulnerability id: PSBM-102741 Ability to check and fix containers with broken BAT. Vulnerability id: PSBM-102751 Under certain conditions, MDS could crash...
Virtuozzo Hybrid Server 7.5 Hotfix 2 (7.5.0-605)
The Hotfix 2 for Virtuozzo Hybrid Server 7.5 provides a new feature as well as stability and usability bug fixes. Vulnerability id: PSBM-124770 Ploop corruptions after updating to Virtuozzo Hybrid Server 7.5. Vulnerability id: PSBM-124714 libvirt could hang while reading large output from iptable...
Product update: Virtuozzo 7.0 Update 12 Hotfix 2 (7.0.12-354)
The Hotfix 2 for Virtuozzo 7.0 Update 12 provides stability and usability bug fixes. Vulnerability id: PSBM-98208 vzlicmonitor could incorrectly show license state as "GRACED". Vulnerability id: PSBM-99949 Unable to restore corrupted ploop images with ploopdefrag. Vulnerability id: PSBM-101024...
Serv-U FTP Server 15.1.7 Persistent Cross Site Scripting Vulnerability
Exploit for windows platform in category web applications Issue: Serv-U FTP Server 15.1.7 Persistent Cross Site Scripting Vulnerability CVE: CVE-2019-13182 Security researcher: Richard Tan @ The Missing Link Security Product name: Serv-U FTP Server Product version: Tested on 15.1.7 Fixed in: Serv...
Product update: Virtuozzo 7.0 Update 11 Hotfix 2 (7.0.11-304)
The Hotfix 2 for Virtuozzo 7.0.11 fixes a usability issue. Vulnerability id: PSBM-98041 Firewalld failed to start in a CentOS 7.7 container due to a firewalld patch that changed how 'nf_conntrack' was loaded...
Product update: Virtuozzo 7.0 Update 9 Hotfix 2 (7.0.9-547)
The Hotfix 2 for Virtuozzo 7.0.9 provides stability and usability bug fixes. Vulnerability id: PSBM-91577 Migration of a container from a Virtuozzo 7 Update 8 host to a Virtuozzo 7 Update 9 host initiated from Virtuozzo Automator could lead to a crash of vzmigrate. Vulnerability id: PSBM-9186...
CVE-2019-9546
SolarWinds Orion Platform prior to 2018.4 Hotfix 2 contains a privilege escalation vulnerability exploitable through the RabbitMQ service. Affected component is Orion Platform with RabbitMQ integration; root cause involves elevation of privileges (unrestricted access via RabbitMQ) that can lead t...
Product update: Virtuozzo 7.0 Update 8 Hotfix 2 (7.0.8-514)
This update provides a stability fix. Vulnerability id: PSBM-88233 EFI VMs created on Virtuozzo 7.0.8 and 7.0.8 Hotfix 1 have incorrect NVRAM.dat file. As a result, they may not start on 7.0.8 Hotfix 2 once stopped. VM console may display the message "Guest has not initialized the display yet". F...
Product update: Virtuozzo 7.0 Update 6 Hotfix 2 (7.0.6-695)
The Hotfix 2 for Virtuozzo 7.0 Update 6 provides a new feature as well as stability and usability bug fixes. Vulnerability id: PSBM-65549 Resource alerts could be shown in Virtuozzo Automator for Windows VMs with enough resources. Vulnerability id: PSBM-78460 Container live migration could fail d...
Product update: Virtuozzo 7.0 Update 5 Hotfix 2 (7.0.5-642)
The Hotfix 2 for Virtuozzo 7.0 Update 5 provides stability and usability bug fixes. Vulnerability id: PSBM-70653 Unable to connect network adapter to a running VM. Vulnerability id: PSBM-70557 Ghost file limit was ignored when migrating containers. Vulnerability id: PSBM-70551 plooptrim could ent...
Product update: Virtuozzo Automator 7 Update 1 Hotfix 2 (7.0.1-740)
The new packages for Virtuozzo Automator 7 introduce a usability bug fix for the management node. Vulnerability id: PVA-36686 The 'vzlicmon' service now automatically starts on VA Management Node update, start, or restart to make sure that the Virtuozzo Automator license will be updated when...