Lucene search
3354 matches found

CVE
added 2020/08/17 12:16 p.m. | 165 views

CVE-2020-13941

CVE-2020-13941 concerns Apache Solr’s replication handler. The vulnerability arises because the backup, restore, and deleteBackup HTTP API commands accept a location parameter that was not validated, enabling read/write access to any location the solr user can access. Multiple sources note this w...

CVSS 8.8 | AI score 8.6 | EPSS 0.01961
Exploits: 0 | References: 4 | Affected Software: 1
Debian CVE
added 2020/08/17 12:16 p.m. | 29 views

CVE-2020-13941

Reported in SOLR-14515 (private) and fixed in SOLR-14561 (public), released in Solr version 8.6.0. The Replication handler (https://lucene.apache.org/solr/guide/8_6/index-replication.html#http-api-commands-for-the-replicationhandler) allows commands backup, restore and deleteBackup. Each of these take a...

CVSS 8.8 | AI score 8.8 | EPSS 0.01961
Exploits: 0
RedhatCVE
added 2020/08/17 7:13 a.m. | 33 views

CVE-2020-13941

A flaw was found in Solr. The Replication handler allows commands backup, restore, and delete backup that take non-validated allocation parameters which may result in the exfiltration of sensitive data such as OS user hashes NTLM/LMhashes. The highest threat from this vulnerability is to data...

CVSS 8.8 | AI score 4.1 | EPSS 0.01961
Exploits: 0 | References: 7
UbuntuCve
added 2020/08/17 12:0 a.m. | 29 views

CVE-2020-14349

It was found that PostgreSQL versions before 12.4, before 11.9 and before 10.14 did not properly sanitize the search_path during logical replication. An authenticated attacker could use this flaw in an attack similar to CVE-2018-1058, in order to execute arbitrary SQL command in the context of the...

CVSS 7.1 | AI score 7.4 | EPSS 0.00526
Exploits: 1 | References: 3
Positive Technologies
added 2020/08/17 12:0 a.m. | 3 views

PT-2020-13792 · Apache · Apache Solr

Name of the Vulnerable Software and Affected Versions: Apache Solr versions prior to 8.6.0 Description: The issue is related to the Replication handler, which allows commands such as backup, restore, and deleteBackup. These commands take a location parameter that was not validated, allowing...

CVSS 8.8 | AI score 8.5 | EPSS 0.01961
Exploits: 0 | References: 17
OSV
added 2020/08/17 12:0 a.m. | 1 views

UBUNTU-CVE-2020-14349

It was found that PostgreSQL versions before 12.4, before 11.9 and before 10.14 did not properly sanitize the search_path during logical replication. An authenticated attacker could use this flaw in an attack similar to CVE-2018-1058, in order to execute arbitrary SQL command in the context of the...

CVSS 7.1 | AI score 7.4 | EPSS 0.00526
Exploits: 1 | References: 4
BDU FSTEC
added 2020/08/14 12:0 a.m. | 1 views

Vulnerability of the Server:Replication component of the Oracle MySQL database management system, due to insufficient validation of input data, allows attackers to cause downtime or service failures.

The vulnerability of the Server:Replication component of the Oracle MySQL database management system is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to cause downtime or service failures using the MySQL protocol...

CVSS 6.8 | AI score 6.2 | EPSS 0.00419
Exploits: 0 | References: 4 | Affected Software: 1
RedhatCVE
added 2020/08/13 12:43 p.m. | 34 views

CVE-2020-14349

A flaw was found in PostgreSQL, where it did not properly sanitize the search_path during logical replication. This flaw allows an authenticated attacker to use this flaw in an attack similar to CVE-2018-1058 to execute an arbitrary SQL command in the user's context for replication. The highest...

CVSS 8.8 | AI score 3.9 | EPSS 0.81248
Exploits: 1 | References: 3
PostgreSQL
added 2020/08/13 12:0 a.m. | 69 views

Vulnerability in core server (CVE-2020-14349)

Uncontrolled search path element in logical replication. The PostgreSQL search_path setting determines schemas searched for tables, functions, operators, etc. The CVE-2018-1058 fix caused most PostgreSQL-provided client applications to sanitize search_path, but logical replication continued to leave...

CVSS 7.1 | AI score 7.8 | EPSS 0.00526
Exploits: 1 | References: 1 | Affected Software: 1
Veeam
added 2020/08/13 12:0 a.m. | 12 views

Network mapping does not work for Hyper-V replicas in Veeam Cloud Connect after renaming Hyper-V virtual switch

Article Applicability This article relates to a known issue documented in the Veeam Cloud Connect User Guide: After you subscribe a tenant to a Hyper-V hardware plan, you cannot rename the virtual switch in Microsoft Hyper-V infrastructure that is used by VM replicas. If you rename the virtual...

AI score 7.5
Exploits: 0 | Affected Software: 1
Tenable Nessus
added 2020/08/07 12:0 a.m. | 36 views

SUSE SLED15 / SLES15 Security Update : postgresql10 / postgresql12 (SUSE-SU-2020:2149-1)

This update for postgresql10 and postgresql12 fixes the following issues : postgresql10 was updated to 10.13 bsc1171924. https://www.postgresql.org/about/news/2038/ https://www.postgresql.org/docs/10/release-10-13.html postgresql10 was updated to 10.12 CVE-2020-1720, bsc1163985...

CVSS 6.5 | AI score 6.4 | EPSS 0.00351
Exploits: 0 | References: 13
Tenable Nessus
added 2020/07/30 12:0 a.m. | 51 views

Amazon Linux AMI : mysql56 (ALAS-2020-1402)

The version of mysql56 installed on the remote host is prior to 5.6.49-1.37. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2020-1402 advisory. Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Replication. Supported versions that are...

CVSS 6.5 | AI score 5.8 | EPSS 0.00699
Exploits: 0 | References: 11
Veeam
added 2020/07/30 12:0 a.m. | 9 views

How to Migrate Tenant Replicas From a Standard Switch (vSS) to a Distributed Switch (vDS)

Purpose This article documents how a Veeam Cloud Service Provider (VCSP or simply SP) would migrate their tenants' replicas from a virtual Standard Switch (vSS) to a virtual Distributed Switch (vDS). Solution Part 1: Update the Hardware Plan Configuration 1. Edit the Hardware Plan used by tenants that...

AI score 5.8
Exploits: 0
Amazon
added 2020/07/29 12:0 a.m. | 101 views

Medium: mysql57

Issue Overview: Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise...

CVSS 6.5 | AI score 6.1 | EPSS 0.00699
Exploits: 0
Veeam
added 2020/07/24 12:0 a.m. | 11 views

Veeam Support for Azure Stack Hub

Overview Veeam Backup & Replication supports backup and restore of workloads running on Azure Stack Hub using Veeam Agent for Microsoft Windows and Veeam Agent for Linux. These can be centrally managed with Veeam Backup & Replication. Restore operations are performed using the Direct Restore to...

AI score 6.8
Exploits: 0 | Affected Software: 1
Veeam
added 2020/07/23 9:46 p.m. | 13 views

Release Notes for Veeam Backup & Replication 10a

More Recent Version Available Please find the latest version of Veeam Backup & Replication here: Veeam Downloads - Latest Version Challenge Release Notes for Veeam Backup & Replication 10a. Cause Please confirm that you are running version 9.5 Update 3 build 9.5.0.1536 or later prior to upgrading...

AI score 6.8
Exploits: 0
Exploit DB
added 2020/07/22 12:0 a.m. | 571 views

NetPCLinker 1.0.0.0 - Buffer Overflow (SEH Egghunter)

Exploit Title: NetPCLinker 1.0.0.0 - Buffer Overflow SEH Egghunter Date: 2019-06-28 Exploit Author: Saeed reza Zamanian Vendor Homepage: https://sourceforge.net/projects/netpclinker/ Software Link: https://sourceforge.net/projects/netpclinker/files/ Version: 1.0.0.0 Tested on: Windows Vista SP1...

AI score 7.4
Exploits: 0
CNVD
added 2020/07/16 12:0 a.m. | 1 views

Unspecified Vulnerability in Oracle MySQL Server (CNVD-2020-41461)

Oracle MySQL is an open source relational database management system from Oracle Corporation, of which MySQL Server is a database server component. A security vulnerability exists in the MySQL Server 5.7.29 and earlier and Server: Replication component of Oracle MySQL 8.0.19 and earlier. An...

CVSS 4.9 | AI score 7.8 | EPSS 0.00419
Exploits: 0 | References: 1
UbuntuCve
added 2020/07/15 6:15 p.m. | 23 views

CVE-2020-14567

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Replication. Supported versions that are affected are 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL...

CVSS 4.9 | AI score 6.6 | EPSS 0.00419
Exploits: 0 | References: 2
OSV
added 2020/07/15 6:15 p.m. | 0 views

UBUNTU-CVE-2020-14567

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Replication. Supported versions that are affected are 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL...

CVSS 4.9 | AI score 6.5 | EPSS 0.00419
Exploits: 0 | References: 3