[SECURITY] Fedora 40 Update: redis-7.2.6-1.fc40

Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing se...

Fixed vulnerabilities in several Veeam products.

Veeam has fixed vulnerabilities in several products, including Backup & Replication, ONE, Service Provider Console and Agent. UPDATE: POC code is now available online and CVE-2024-40711 has recently been actively abused to roll out ransomware. A malicious party can exploit the vulnerabilities to...

Guest OS File Restore Fails on Self-Referencing Junction Points

Challenge Using Guest OS File Restore to restore a folder containing a junction point that redirects back to the initial folder fails with the error: Win32 error:The name of the file cannot be resolved by the system. Code: 1921 For example, attempting to restore a user's AppData folder the restor...

Granular sudo Permissions for Management of Veeam Agent for Oracle Solaris

Purpose This article provides examples of granular 'sudo' configuration for the Linux account that will be used by Veeam Backup & Replication when managing Veeam Agent for Oracle Solaris deployments with a Protection Group. Solution The following granular sudo permissions were tested with Veeam...

Granular sudo Permissions for Management of Veeam Agent for IBM AIX

Purpose This article provides examples of granular 'sudo' configuration for the Linux account that will be used by Veeam Backup & Replication when managing Veeam Agent for IBM AIX deployments with a Protection Group. Solution The following granular sudo permissions were tested with Veeam Agent fo...

Release Information for Veeam Backup for Nutanix AHV Plug-In Hotfix (12.6.0.636)

Requirements To upgrade to Veeam Backup for Nutanix AHV 6.1, download the installer below and run it on the Veeam Backup & Replication server that manages the AHV Backup Appliances. The Veeam Backup for Nutanix AHV 6.1 Plug-In must be installed before updating the Nutanix AHV Backup Appliance. Yo...

Granular sudo Permissions for Management of Hardened Repository

Purpose This article documents the granular sudo permissions required to allow Veeam Backup & Replication to deploy and manage a Hardened Repository. Solution Account Requirements The Linux user account used by Veeam Backup & Replication to deploy and manage the Hardened Repository must use the...

Release Information for Veeam Backup for Nutanix AHV 6.1

This update has been superseded by Veeam Backup for Nutanix AHV 7.0, which was released alongside and supports only Veeam Backup & Replication 12.3. Requirements To upgrade to Veeam Backup for Nutanix AHV 6.1, download the installer below and run it on the Veeam Backup & Replication server that...

[SECURITY] [DLA 3890-1] galera-4 new upstream version

------------------------------------------------------------------------- Debian LTS Advisory DLA-3890-1 [email protected] https://www.debian.org/lts/security/ Otto Kekäläinen September 17, 2024 https://wiki.debian.org/LTS -...

Exploit for Deserialization of Untrusted Data in Veeam Veeam_Backup_\&_Replication

CVE-2024-40711 Exploit for Veeam backup and Replication Pre-A...

KB5042749 - Description of the security update for SQL Server 2019 CU28: September 10, 2024

KB5042749 - Description of the security update for SQL Server 2019 CU28: September 10, 2024 Summary Known issues in this update Improvements and fixes included in this update How to obtain and install the update How to obtain or download the latest cumulative update package for Linux More...

KB5042217 - Description of the security update for SQL Server 2017 GDR: September 10, 2024

KB5042217 - Description of the security update for SQL Server 2017 GDR: September 10, 2024 Summary Known issues in this update Improvements and fixes included in this update How to obtain and install the update More information File information Information about protection and security Summary Th...

Multiple Vulnerabilities in Veeam Backup & Replication

On Wednesday, September 4, 2024, backup and recovery software provider Veeam released their September security bulletin disclosing various vulnerabilities in Veeam products. One of the higher-severity vulnerabilities included in the bulletin is CVE-2024-40711, a critical unauthenticated remote co...

CVE-2024-40713

A vulnerability that allows a user who has been assigned a low-privileged role within Veeam Backup & Replication to alter Multi-Factor Authentication MFA settings and bypass MFA...

CVE-2024-42019

A vulnerability that allows an attacker to access the NTLM hash of the Veeam Reporter Service service account. This attack requires user interaction and data collected from Veeam Backup & Replication...

CVE-2024-40710

A series of related high-severity vulnerabilities, the most notable enabling remote code execution RCE as the service account and extraction of sensitive information savedcredentials and passwords. Exploiting these vulnerabilities requires a user who has been assigned a low-privileged role within...

CVE-2024-40710

A series of related high-severity vulnerabilities, the most notable enabling remote code execution RCE as the service account and extraction of sensitive information savedcredentials and passwords. Exploiting these vulnerabilities requires a user who has been assigned a low-privileged role within...

CVE-2024-40710

A series of related high-severity vulnerabilities, the most notable enabling remote code execution RCE as the service account and extraction of sensitive information savedcredentials and passwords. Exploiting these vulnerabilities requires a user who has been assigned a low-privileged role within...

CVE-2024-40713

A vulnerability that allows a user who has been assigned a low-privileged role within Veeam Backup & Replication to alter Multi-Factor Authentication MFA settings and bypass MFA...

CVE-2024-42019

A vulnerability that allows an attacker to access the NTLM hash of the Veeam Reporter Service service account. This attack requires user interaction and data collected from Veeam Backup & Replication...