3267 matches found

Fedora
added 2025/01/17 1:26 a.m., 16 views

[SECURITY] Fedora 41 Update: redict-7.3.2-1.fc41

Redict is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing s...

CVSS 9.8, AI score 7.1, EPSS 0.80733
Exploits: 3

RedHat Linux
added 2025/01/16 6:36 p.m., 18 views

Important: Red Hat Security Advisory: VolSync 0.10.2 for RHEL 9

VolSync v0.10.2 general availability release images, which provide enhancements, security fixes, and updated container images. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...

CVSS 9.1, AI score 6.8, EPSS 0.32338
Exploits: 2, References: 5

RedHat Linux
added 2025/01/16 6:8 p.m., 21 views

Important: Red Hat Security Advisory: VolSync 0.11.1 for RHEL 9

VolSync v0.11.1 general availability release images, which provide enhancements, security fixes, and updated container images. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...

CVSS 9.1, AI score 6.8, EPSS 0.32338
Exploits: 2, References: 5

Fedora
added 2025/01/15 1:40 a.m., 9 views

[SECURITY] Fedora 40 Update: redis-7.2.7-1.fc40

Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing se...

CVSS 9.8, AI score 6.9, EPSS 0.80733
Exploits: 2

Fedora
added 2025/01/09 2:3 a.m., 9 views

[SECURITY] Fedora 41 Update: valkey-8.0.2-1.fc41

Valkey is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing s...

CVSS 9.8, AI score 6.9, EPSS 0.80733
Exploits: 2

Veracode
added 2025/01/06 2:50 a.m., 4 views

Cleartext Transmission Of Sensitive Information

Keycloak is vulnerable to plain text replication. The vulnerability is due to the environment option KC_CACHE_EMBEDDED_MTLS_ENABLED not functioning as intended, resulting in JGroups replication configuration always using plain text, which allows attackers on adjacent networks to intercept and read...

CVSS 5.7, AI score 6.4, EPSS 0.0003
Exploits: 0, References: 11, Affected Software: 1

Tenable Nessus
added 2024/12/20 12:0 a.m., 4 views

Keycloak 25.0.x < 26.0.6 Information Disclosure (GHSA-6mpx-pmgp-ww49)

Keycloak versions installed prior to 26.0.6 are affected by an information disclosure vulnerability as referenced in the advisory. - A vulnerability was found in Keycloak. The environment option KC_CACHE_EMBEDDED_MTLS_ENABLED does not work and the JGroups replication configuration is always used in...

CVSS 5.7, AI score 5.8, EPSS 0.0003
Exploits: 0, References: 2

Vulnrichment
added 2024/12/17 10:59 p.m., 6 views

CVE-2024-10973 Keycloak: cli option for encrypted jgroups ignored

A vulnerability was found in Keycloak. The environment option KC_CACHE_EMBEDDED_MTLS_ENABLED does not work and the JGroups replication configuration is always used in plain text which can allow an attacker that has access to adjacent networks related to JGroups to read sensitive information...

CVSS 5.7, AI score 6.6, EPSS 0.0003
Exploits: 0, References: 2

CVE
added 2024/12/17 10:59 p.m., 77 views

CVE-2024-10973

Keycloak vulnerability CVE-2024-10973: the KC_CACHE_EMBEDDED_MTLS_ENABLED environment option does not work and JGroups replication is used in plain text, allowing an attacker on adjacent networks to read sensitive information. The issue affects Keycloak deployments relying on this configuration; ...

CVSS 5.7, AI score 5.5, EPSS 0.0003
Exploits: 0, References: 2

Tenable Nessus
added 2024/12/12 12:0 a.m., 15 views

SUSE SLES12 Security Update : postgresql, postgresql16, postgresql17 (SUSE-SU-2024:4052-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:4052-1 advisory. This update ships postgresql17, and fixes security issues with postgresql16: - bsc1230423: Relax the dependency of extensions on the server...

CVSS 8.8, AI score 7.2, EPSS 0.06356
Exploits: 1, References: 15

Tenable Nessus
added 2024/12/12 12:0 a.m., 10 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : postgresql, postgresql16, postgresql17 (SUSE-SU-2024:4063-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:4063-1 advisory. This update ships postgresql17, and fixes security issues with postgresql16: - bsc1230423: Rela...

CVSS 8.8, AI score 7.2, EPSS 0.06356
Exploits: 1, References: 15

Veeam
added 2024/12/10 12:0 a.m., 290 views

Upgrade to Veeam Backup & Replication 12.3 Fails During "Step 1 of 7: Installing PostgreSQL server 15.10-1..."

Article Applicability The issue described in this article only occurred when using the initial Veeam Backup & Replication 12.3 ISO named VeeamBackup&Replication12.3.0.31020241201.iso. On 2024-12-16, a new ISO VeeamBackup&Replication12.3.0.31020241211.iso was made available, which contains a check...

AI score 6.5
Exploits: 0, Affected Software: 1

OSV
added 2024/12/09 6:51 a.m., 4 views

MAL-2024-11688 Malicious code in replication-delay-client111 (PyPI)


AI score 7.1
Exploits: 0

OSSF Malicious Packages
added 2024/12/09 6:51 a.m., 5 views

Malicious code in replication-delay-client111 (PyPI)


AI score 7
Exploits: 0

Tenable Nessus
added 2024/12/05 12:0 a.m., 16 views

Veeam Backup and Replication 12.x < 12.3.0.310 Multiple Vulnerabilities (December 2024) (KB4693)

The version of Veeam Backup and Replication installed on the remote Windows host is 12.x prior to 12.3.0.310. It is, therefore, affected by multiple vulnerabilities, including: - A vulnerability allows an authenticated user with a role assigned in the Users and Roles settings on the backup server...

CVSS 8.8, AI score 7.4, EPSS 0.04187
Exploits: 0, References: 9

OSV
added 2024/12/04 2:48 p.m., 16 views

SUSE-SU-2024:4173-1 Security update for postgresql, postgresql16, postgresql17

This update for postgresql, postgresql16, postgresql17 fixes the following issues: This update ships postgresql17, and fixes security issues with postgresql16: - bsc1230423: Relax the dependency of extensions on the server version from exact major.minor to greater or equal, after Tom Lane...

CVSS 8.8, AI score 7.5, EPSS 0.06356
Exploits: 1, References: 11

NVD
added 2024/12/04 2:15 a.m., 16 views

CVE-2024-42456

A vulnerability in Veeam Backup & Replication platform allows a low-privileged user with a specific role to exploit a method that updates critical configuration settings, such as modifying the trusted client certificate used for authentication on a specific port. This can result in unauthorized...

CVSS 8.8, EPSS 0.0029
Exploits: 0, References: 1

NVD
added 2024/12/04 2:15 a.m., 13 views

CVE-2024-42457

A vulnerability in Veeam Backup & Replication allows users with certain operator roles to expose saved credentials by leveraging a combination of methods in a remote management interface. This can be achieved using a session object that allows for credential enumeration and exploitation, leading ...

CVSS 7.7, EPSS 0.00261
Exploits: 0, References: 1

NVD
added 2024/12/04 2:15 a.m., 15 views

CVE-2024-42453

A vulnerability in Veeam Backup & Replication allows low-privileged users to control and modify configurations on connected virtual infrastructure hosts. This includes the ability to power off virtual machines, delete files in storage, and make configuration changes, potentially leading to Denial of...

CVSS 8.1, EPSS 0.00102
Exploits: 0, References: 1

NVD
added 2024/12/04 2:15 a.m., 16 views

CVE-2024-42451

A vulnerability in Veeam Backup & Replication allows low-privileged users to leak all saved credentials in plaintext. This is achieved by calling a series of methods over an external protocol, ultimately retrieving the credentials using a malicious setup on the attacker's side. This exposes...

CVSS 7.7, EPSS 0.00122
Exploits: 0, References: 1