AZL-7730 CVE-2022-21344 affecting package mysql for versions less than 8.0.28-1
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Replication. Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL...
AZL-7580 CVE-2022-21256 affecting package mysql for versions less than 8.0.28-1
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Group Replication Plugin. Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...
CVE-2022-21256
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Group Replication Plugin. Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...
UBUNTU-CVE-2022-21379
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Group Replication Plugin. Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...
UBUNTU-CVE-2022-21344
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Replication. Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL...
UBUNTU-CVE-2022-21256
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Group Replication Plugin. Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...
CVE-2022-21379
CVE-2022-21379 affects Oracle MySQL Server, specifically the Group Replication Plugin in MySQL 8.0.27 and earlier. The vulnerability allows a network-remote, high-privilege attacker to cause a hang or crash (DoS). Public materials note multiple distro advisories updating to newer MySQL 8.0.x vers...
CVE-2022-21379
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Group Replication Plugin. Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...
Metasploit Wrap-Up
Dump Windows secrets from Active Directory: This week, our very own Christophe De La Fuente added an important update to the existing Windows Secret Dump module. It is now able to dump secrets from Active Directory, which will be very useful for Metasploit users. This new feature uses the Director...
Veeam Plug-In for Oracle RMAN Cumulative Patch P20211211
Requirements: Veeam Plug-In for Oracle RMAN Cumulative Patch P20211211 requires at least Veeam Backup & Replication v11 GA 11.0.0.837. The Veeam Plug-In for Oracle RMAN package on this article is also included with the Veeam Backup & Replication 11a P20211211 installer ISO. It is provided here as ...
MongoDB Server Denial of Service Vulnerability (CNVD-2021-101988)
MongoDB Server is an open source NoSQL database from MongoDB, Inc. The database provides collection-oriented storage, dynamic query, data replication and automatic failover, etc. A denial-of-service vulnerability exists in MongoDB Server, which can be exploited by an attacker with basic CRUD...
Security Bulletin: Vulnerability in Apache Log4j (CVE-2021-4104) affects InfoSphere Data Replication
Summary: There is a vulnerability in the version of Log4j that was included in InfoSphere Data Replication. Vulnerability Details: CVEID: CVE-2021-4104. DESCRIPTION: Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data wh...
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin). Supported versions that are affected are 8.0.26 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).
...
CVE-2021-20330 Specific replication command with malformed oplog entries can crash secondaries
An attacker with basic CRUD permissions on a replicated collection can run the applyOps command with specially malformed oplog entries, resulting in a potential denial of service on secondaries. This issue affects MongoDB Server v4.0 versions prior to 4.0.27; MongoDB Server v4.2 versions prior to...
Specific replication command with malformed oplog entries can crash secondaries
An attacker with basic CRUD permissions on a replicated collection can run the applyOps command with specially malformed oplog entries, resulting in a potential denial of service on secondaries. This issue affects MongoDB Server v4.0 versions prior to 4.0.25; MongoDB Server v4.2 versions prior to...
Features of Veeam Backup & Replication may not function when the Veeam Backup Service is run as a user that is not assigned the "Veeam Backup Administrator" role
Article Applicability: This article is specific to a situation in which the Veeam Backup Service is set with a "Log On As" other than Local System. Challenge: When the Veeam Backup Service is set to use a specific user as the service's "Log On" account, some features may not function correctly if...
VMware Response to Apache Log4j Remote Code Execution Vulnerabilities (CVE-2021-44228, CVE-2021-45046)
1. Impacted Products VMware Horizon VMware vCenter Server VMware HCX VMware NSX-T Data Center VMware Unified Access Gateway VMware WorkspaceOne Access VMware Identity Manager VMware vRealize Operations VMware vRealize Operations Cloud Cloud Proxy VMware vRealize Automation VMware vRealize...
How to Add RHEL 8/9 Using NIST 800-171 or DISA STIG Security Profile to Veeam Backup & Replication
Product Enhancement: Starting in Veeam Backup & Replication 12.1.2, both DISA STIG and NIST profiles are now natively supported without any need to perform the manual tasks documented in this article. Purpose: This article documents the additional procedures required to add a Linux machine to Veeam...
Agent for Windows backup session is reports success but backup fails
Challenge: In certain rare circumstances, backup jobs for Windows Machines using "Mode: Managed by backup server" may mark a result as Success, although the job fails because of the network interruption. Impacted Configurations: Backup & Replication version 9.5 or 10 Veeam Agent for Microsoft Windo...