39 matches found
ots has a negative expire override that can bypass its secret retention policy
Summary: The /api/create endpoint accepted negative expire query values. For the memory storage backend, negative values were passed to secret creation as a negative duration and treated as no expiry, allowing callers to create secrets that persisted longer than intended. Impact: Unauthenticated...
EUVD-2016-7034
Malware in sbrugna...
SharePoint and OneDrive Items May Not Be Displayed
Article Applicability The solution provided in this article requires Veeam Backup for Microsoft 365 8.1 or higher. The issue discussed in this article only occurs under particular circumstances. Review the Cause section closely. This article is marked as related to Veeam Backup for Microsoft 365 ...
Dell ECS Buffer Overflow Vulnerability
Dell ECS Elastic Cloud Storage is an enterprise-class cloud-scale object storage platform from Dell Technologies. A buffer overflow vulnerability exists in Dell ECS. The vulnerability is due to an arithmetic overflow in the ECS's retention period processing. An attacker could exploit the...
CVE-2024-51540
Dell ECS, versions prior to 3.8.1.3, contains an arithmetic overflow vulnerability in retention period handling of ECS. An authenticated user with bucket or object-level access and the necessary privileges could potentially exploit this vulnerability to bypass retention policies and delete...
Harbor Authorization Issue Vulnerability
Harbor is an open source registry from Harbor Open Source. Artifacts are protected through policies and role-based access control to ensure that images are scanned and are not vulnerable, and that images are signed as trusted. Harbor suffers from an authorization issue vulnerability that stems fr...
Release Information for Veeam Backup for Microsoft Azure 7 Cumulative Patches
Requirements Please confirm that you are running version Veeam Backup for Microsoft Azure v7 build 7.0.0.467 or later before upgrading. You can find the currently installed build number Product version in the About section under Configuration | Support Information | Updates. After installing Veea...
TotalCloud Container Security Best Practices
Qualys Container Security (CS), an integral part of TotalCloud 2.0, provides a comprehensive view of the security posture of containerized applications. Operationalizing a new technology tool in an enterprise often presents its own challenges. This blog seeks to help the operations team familiarize...
PT-2022-20883 · Harbor · Harbor
Name of the Vulnerable Software and Affected Versions: Harbor versions prior to 2.5.2 Description: Harbor fails to validate user permissions when updating tag retention policies. By sending a request to update a tag retention policy with an id that belongs to a project that the currently...
Description of the security update for SharePoint Server Subscription Edition: February 8, 2022 (KB5002145)
Summary: This security update resolves a Microsoft SharePoint Server remote code execution vulnerability, Microsoft SharePoint Server spoofing vulnerability, and Microsoft SharePoint Server...
Fedora: Security Advisory for btrbk (FEDORA-2022-a66734e7a2)
The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...
[SECURITY] Fedora 35 Update: btrbk-0.31.3-1.fc35
Backup tool for btrfs sub-volumes, using a configuration file, allows creation of backups from multiple sources to multiple destinations, with ssh and flexible retention policy support (hourly, daily, weekly, monthly)...
[SECURITY] Fedora 34 Update: btrbk-0.31.3-1.fc34
Backup tool for btrfs sub-volumes, using a configuration file, allows creation of backups from multiple sources to multiple destinations, with ssh and flexible retention policy support (hourly, daily, weekly, monthly)...
Fedora: Security Advisory for btrbk (FEDORA-2022-dc62389784)
The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...
Veeam Backup for Microsoft 365 retention policy miscalculation causing data loss
Challenge: When you have deployed Veeam Backup for Microsoft 365, use snapshot-based retention, and store data on a Jet Database-based repository, your solution might mistakenly remove restore points of Exchange data that are still valid. This applies to versions 5.0 Day 0 Update and earlier...
How Our Threat Analytics Multi-Region Data Lake on AWS Stores More, Slashes Costs
Data is the lifeblood of digital businesses, and a key competitive advantage. The question is: how can you store your data cost-efficiently, access it quickly, while abiding by privacy laws? At Imperva, we wanted to store our data for long-term access. Databases would’ve cost too much in disk and...
Qualys Cloud Platform (VM, PC) 8.16 New Features
This new release of the Qualys Cloud Platform (VM, PC), version 8.16, contains several new improvements in Qualys Vulnerability Management and Qualys Policy Compliance, which include a new password security option, an increased limit for virtual hosts that can be added to a subscription, added support...
Security Bulletin: IBM Disposal and Governance Management for IT and IBM Global Retention Policy and Schedule Management vulnerable to cross-site request forgery (CSRF)
Summary: The "notice confirmation" functionality in IBM Disposal and Governance Management for IT and IBM Global Retention Policy and Schedule Management, components of IBM Atlas Policy Suite, is impacted by a vulnerability that allows cross-site request forgery. Both products have addressed this...
Security Bulletin: OpenSource Apache Taglibs Vulnerability affects Atlas Policy Suite (CVE-2015-0254)
Summary: Apache Standard Taglibs could allow a remote attacker to execute arbitrary code on the system, caused by an XML External Entity Injection (XXE) error when processing XML data. Vulnerability Details: CVEID: CVE-2015-0254 DESCRIPTION: Apache Standard Taglibs could allow a remote attacker to...
CVE-2016-6100
IBM Disposal and Governance Management for IT and IBM Global Retention Policy and Schedule Management, components of IBM Atlas Policy Suite 6.0.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that th...