PT-2024-9472 · Veeam · Veeam Backup & Replication

Name of the Vulnerable Software and Affected Versions: Veeam Backup & Replication affected versions not specified Description: The issue is related to insecure deserialization in Veeam Backup & Replication, allowing a low-privileged user to connect to remoting services and exploit this...

Virtuozzo Hybrid Infrastructure 6.2 Hotfix 3 (6.2.0-146)

This update provides stability fixes. Vulnerability id: VSTOR-86571 VM live migration failed due to a missing snapshot traceback. Vulnerability id: VSTOR-87531, VSTOR-89251 Stability fixes for the hypervisor. Vulnerability id: VSTOR-88449 An error is triggered after disabling account replication...

Usage of Service SIDs and IIS Application Pools in StoreFront

This article contains information about the usage of Windows Service account SIDs and Application Pool Identities to secure Receiver StoreFront. Requirements Ensure that the existing infrastructure supports the StoreFront system requirement mentioned in the following link: System requirements for...

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).

...

CVE-2024-22277

VMware Cloud Director Availability contains an HTML injection vulnerability. A malicious actor with network access to VMware Cloud Director Availability can craft malicious HTML tags to execute within replication tasks...

CVE-2024-22277

VMware Cloud Director Availability contains an HTML injection vulnerability. A malicious actor with network access to VMware Cloud Director Availability can craft malicious HTML tags to execute within replication tasks...

CVE-2024-22277

CVE-2024-22277 affects VMware Cloud Director Availability. An HTML injection vulnerability allows a network-authenticated attacker to craft malicious HTML tags that execute within replication tasks. The issue is addressed by VMware in the 4.7.2 release; advisory indicates affected product lines i...

CVE-2024-22277

VMware Cloud Director Availability contains an HTML injection vulnerability. A malicious actor with network access to VMware Cloud Director Availability can craft malicious HTML tags to execute within replication tasks...

CVE-2024-22277

VMware Cloud Director Availability contains an HTML injection vulnerability. A malicious actor with network access to VMware Cloud Director Availability can craft malicious HTML tags to execute within replication tasks...

VMware Cloud Director Availability Security Vulnerability

VMware Cloud Director Availability is a Disaster Recovery-as-a-Service DRaaS solution from VMware, Inc. A security vulnerability exists in VMware Cloud Director Availability that stems from the inclusion of HTML injection, which allows an attacker with network access to craft malicious HTML tags...

PT-2024-5011 · Vmware · Vmware Cloud Director Availability

Name of the Vulnerable Software and Affected Versions: VMware Cloud Director Availability affected versions not specified Description: The issue is related to an HTML injection vulnerability. A malicious actor with network access to VMware Cloud Director Availability can craft malicious HTML tags...

Security Bulletin: An unspecified IBM SDK, Java Technology Edition vulnerability affects InfoSphere Data Replication

Summary An unspecified IBM SDK, Java Technology Edition vulnerability is addressed. Vulnerability Details CVEID:CVE-2023-22081 DESCRIPTION: An unspecified vulnerability in Java SE related to the JSSE component could allow a remote attacker to cause no confidentiality impact, no integrity impact,...

Security Bulletin: An unspecified IBM SDK, Java Technology Edition vulnerability affects InfoSphere Data Replication

Summary An unspecified IBM SDK, Java Technology Edition vulnerability is addressed. Vulnerability Details CVEID:CVE-2023-22045 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause low confidentiality impacts. CVSS Base score: 3.7...

Security Bulletin: A vulnerability in github.com/containerd/containerd-v1.6.17 affects Data Replication on Cloud Pak for Data

Summary A vulnerability in the github.com/containerd/containerd-v1.6.17 package has been addressed. Vulnerability Details CVEID:CVE-2023-25173 DESCRIPTION: containerd could allow a local authenticated attacker to bypass security restrictions, caused by improper setup for supplementary groups insi...

Security Bulletin: A vulnerability in urllib3 affects Data Replication on Cloud Pak for Data

Summary A vulnerability in the urllib3 package has been addressed. Vulnerability Details CVEID:CVE-2021-33503 DESCRIPTION: urllib3 is vulnerable to a denial of service, caused by a regular expression denial of service ReDoS flaw due to catastrophic backtracking. By sending a specially-crafted URL...

Security Bulletin: A vulnerability in Go affects Data Replication on Cloud Pak for Data

Summary A vulnerability in the Go package has been addressed. Vulnerability Details CVEID:CVE-2023-24532 DESCRIPTION: An unspecified error with return an incorrect result in the ScalarMult and ScalarBaseMult methods of the P256 Curve in Golang Go has an unknown impact and attack vector. CVSS Base...

Security Bulletin: A vulnerability in Go affects Data Replication on Cloud Pak for Data

Summary A vulnerability in the Go package has been addressed. Vulnerability Details CVEID:CVE-2022-41724 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by a flaw when processing large TLS handshake records. By sending specially-crafted TLS handshake records, a remote...

Security Bulletin: A vulnerability in setuptools affects Data Replication on Cloud Pak for Data

Summary A vulnerability in the setuptools package has been addressed. Vulnerability Details CVEID:CVE-2022-40897 DESCRIPTION: Pypa Setuptools is vulnerable to a denial of service, caused by improper input validation. By sending request with a specially crafted regular expression, an remote attack...

Security Bulletin: A vulnerability in urllib3 affects Data Replication on Cloud Pak for Data

Summary A vulnerability in the urllib3 package has been addressed. Vulnerability Details CVEID:CVE-2019-11236 DESCRIPTION: Python urllib3 is vulnerable to CRLF injection, caused by improper validation of user-supplied input by the request parameter. By sending a specially-crafted HTTP response...

Security Bulletin: A vulnerability in containerd affects Data Replication on Cloud Pak for Data

Summary A vulnerability in the containerd package has been addressed. Vulnerability Details CVEID:CVE-2022-31030 DESCRIPTION: containerd is vulnerable to a denial of service, caused by a flaw in the CRI implementation. By sending a specially-crafted request using the ExecSync API, a local...