VMware Cloud Director 10.4 Compatibility Patches

Hotfix for Veeam Backup & Replication 11.0.1.1261 P20230227 The hotfix on this article has been rebuilt as of 2023-11-24 to be compatible only with Veeam Backup & Replication build 11.0.1.1261 P20230227. This is the second such rebuild; the last rebuild was on 2023-03-16. Note: If an older versio...

Security Bulletin: Directory listing vulnerability in IBM InfoSphere Data Replication Dashboard (CVE-2012-4861)

Abstract InfoSphere Data Replication Dashboard includes a web server that can be used to list specific directories under the dashboard web application. Content VULNERABILITY DETAILS: CVE ID: CVE-2012-4861 DESCRIPTION: It is possible to retrieve a directory listing by sending a request for specifi...

[SECURITY] Fedora 37 Update: redis-7.0.5-1.fc37

Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing se...

Security Bulletin: IBM InfoSphere Data Replication Dashboard Username Enumeration (CVE-2013-0584)

Abstract A remote, unauthenticated user can enumerate a list of InfoSphere Data Replication Dashboard user accounts including which accounts do not require a password. Content VULNERABILITY DETAILS: CVE ID: CVE-2013-0584 CVSS: CVSS Base Score: 5 CVSS Temporal Score: See for the current score CVSS...

Security Bulletin: Denial of service in IBM InfoSphere Data Replication Dashboard (CVE-2011-4461)

Abstract InfoSphere Data Replication Dashboard includes Jetty which has a known security vulnerability that can lead to a denial of service. Content VULNERABILITY DETAILS: CVE ID: CVE-2011-4461 DESCRIPTION: An attacker, using specially crafted HTTP requests, can cause up to 100% CPU usage,...

Security Bulletin: Multiple vulnerabilities in IBM JRE affect InfoSphere Data Replication Dashboard (CVE-2013-0440, CVE-2013-0443, CVE-2013-0169)

Abstract The IBM JRE embedded in the InfoSphere Data Replication Dashboard has security vulnerabilities that affect SSL connections to the dashboard web server. Content VULNERABILITY DETAILS: CVE ID: CVE-2013-0440 DESCRIPTION: An unspecified vulnerability allows remote attackers to affect...

Security Bulletin: InfoSphere Replication Dashboard is affected by a vulnerability in the IBM JRE (CVE-2013-5780)

Abstract An unspecified vulnerability in IBM Java related to the Libraries component could allow a remote attacker to obtain sensitive information. Content VULNERABILITY DETAILS: CVE ID: CVE-2013-5780 CVSS: CVSS Base Score: 4.3 CVSS Temporal Score: See...

Security Bulletin: InfoSphere Data Replication Dashboard is affected by a vulnerability in the IBM JRE (CVE-2013-0169)

Abstract The IBM JRE that is embedded in the InfoSphere Data Replication Dashboard has a security vulnerability that affects SSL connections to the dashboard web server. Content VULNERABILITY DETAILS: CVE ID: CVE-2013-0169 DESCRIPTION: The TLS protocol does not properly consider timing side-chann...

Security Bulletin: Multiple Vulnerabilities affect InfoSphere Data Replication Dashboard (CVE-2013-2999, CVE-2013-3001, CVE-2013-3000)

Abstract The InfoSphere Data Replication Dashboard has been affected by multiple vulnerabilities. See description of CVE-2013-2999, CVE-2013-3001, and CVE-2013-3000 below. Content VULNERABILITY DETAILS: CVE ID: CVE-2013-2999 DESCRIPTION: The Infosphere Data Replication Dashboard for mobile device...

GHSA-J3QW-G67Q-7M64 Apache Pulsar Brokers and Proxies vulnerable to Improper Certificate Validation

Apache Pulsar Brokers and Proxies create an internal Pulsar Admin Client that does not verify peer TLS certificates, even when tlsAllowInsecureConnection is disabled via configuration. The Pulsar Admin Client's intra-cluster and geo-replication HTTPS connections are vulnerable to man in the middl...

GHSA-JVF3-MFXV-JCQR Apache Pulsar Broker, Proxy, and WebSocket Proxy vulnerable to Improper Certificate Validation

TLS hostname verification cannot be enabled in the Pulsar Broker's Java Client, the Pulsar Broker's Java Admin Client, the Pulsar WebSocket Proxy's Java Client, and the Pulsar Proxy's Admin Client leaving intra-cluster connections and geo-replication connections vulnerable to man in the middle...

Design/Logic Flaw

TLS hostname verification cannot be enabled in the Pulsar Broker's Java Client, the Pulsar Broker's Java Admin Client, the Pulsar WebSocket Proxy's Java Client, and the Pulsar Proxy's Admin Client leaving intra-cluster connections and geo-replication connections vulnerable to man in the middle...

Virtuozzo Hybrid Infrastructure 5.2 Update 1 (5.2.1-57)

This update provides full support for Authorization Code Flow, as well as bug fixes and improvements. Vulnerability id: VSTOR-57337 It is impossible to set the disk role to "Unassigned" while joining a node to the cluster. Vulnerability id: VSTOR-57187 Unable to add an iSCSI target with multiple...

mysql: Server: Replication unspecified vulnerability (CPU Apr 2022)

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Replication. Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

mysql: Server: Group Replication Plugin unspecified vulnerability (CPU Apr 2022)

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Group Replication Plugin. Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to...

mysql: Server: Group Replication Plugin unspecified vulnerability (CPU Jan 2022)

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Group Replication Plugin. Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

mysql: Server: Group Replication Plugin unspecified vulnerability (CPU Apr 2022)

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Group Replication Plugin. Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to...

mysql: Server: Group Replication Plugin unspecified vulnerability (CPU Oct 2021)

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Group Replication Plugin. Supported versions that are affected are 8.0.26 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server...

mysql: Server: Replication unspecified vulnerability (CPU Jan 2022)

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Replication. Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL...

mysql: Server: Group Replication Plugin unspecified vulnerability (CPU Jan 2022)

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Group Replication Plugin. Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...