A vulnerability has been discovered in Veeam Backup & Replication, which could allow for arbitrary code execution. Veeam Backup & Replication is a comprehensive data protection and disaster recovery solution. With Veeam Backup & Replication, you can create image-level backups of virtual, physical and cloud machines and restore from them. Exploitation of this vulnerability requires authentication to the domain but could result in arbitrary code execution. Data such as backups and images could be compromised.
USN-7363-1: PAM-PKCS#11 vulnerabilities
Marcus Rückert and Matthias Gerstner discovered that PAM-PKCS#11 did not
properly handle certain return codes when authentication was not possible.
An attacker could possibly use this issue to bypass authentication. This
issue only affected Ubuntu 24.04 LTS and Ubuntu 24.10. (CVE-2025-24531)
It was discovered that PAM-PKCS#11 did not require a private key signature
for authentication by default. An attacker could possibly use this issue
to bypass authentication. (CVE-2025-24032)
A Vulnerability in AMI MegaRAC Software Could Allow for Remote Code Execution
A vulnerability has been discovered in AMI MegaRAC Software, which could allow for remote code execution. MegaRAC is a product line of BMC firmware packages and formerly service processors providing out-of-band, or lights-out, remote management of computer systems. Successful exploitation of this vulnerability allows an attacker to remotely control the compromised server, remotely deploy malware or ransomware, tamper with firmware, brick motherboard components (BMC or potentially BIOS/UEFI), potentially cause physical damage to the server (over-voltage / bricking), and trigger indefinite reboot loops that a victim cannot stop.
USN-7362-1: go-gh vulnerability
It was discovered that go-gh incorrectly handled authentication
tokens. An attacker could possibly use this issue to leak
authentication tokens to the wrong host. (CVE-2024-53859)
APPLE-SA-03-11-2025-4 visionOS 2.3.2
Posted by Apple Product Security via Fulldisclosure on Mar 20
APPLE-SA-03-11-2025-4 visionOS 2.3.2
visionOS 2.3.2 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/122284.
Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.
WebKit
Available for: Apple Vision Pro
Impact: Maliciously crafted web content may be able to break out of Web
Content sandbox….
APPLE-SA-03-11-2025-3 macOS Sequoia 15.3.2
Posted by Apple Product Security via Fulldisclosure on Mar 20
APPLE-SA-03-11-2025-3 macOS Sequoia 15.3.2
macOS Sequoia 15.3.2 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/122283.
Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.
WebKit
Available for: macOS Sequoia
Impact: Maliciously crafted web content may be able to break out of Web
Content…
APPLE-SA-03-11-2025-2 iOS 18.3.2 and iPadOS 18.3.2
Posted by Apple Product Security via Fulldisclosure on Mar 20
APPLE-SA-03-11-2025-2 iOS 18.3.2 and iPadOS 18.3.2
iOS 18.3.2 and iPadOS 18.3.2 address the following issues.
Information about the security content is also available at
https://support.apple.com/122281.
Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.
WebKit
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch
3rd generation and…
APPLE-SA-03-11-2025-1 Safari 18.3.1
Posted by Apple Product Security via Fulldisclosure on Mar 20
APPLE-SA-03-11-2025-1 Safari 18.3.1
Safari 18.3.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/122285.
Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.
WebKit
Available for: macOS Ventura and macOS Sonoma
Impact: Maliciously crafted web content may be able to break out of Web
Content…
CVE-2019-16261 (UPDATE): Unauthenticated POST requests to Tripp Lite UPS Systems
Posted by Lucas Lalumière on Mar 20
[Author]: Lucas Lalumiere
[Contact]: lucas.lalum () gmail com
[Date]: 2025-3-17
[Vendor]: Tripp Lite
[Product]: SU750XL UPS
[Firmware]: 12.04.0052
[CVE Reference]: CVE-2019-16261
============================
Affected Products (Tested):
============================
– Tripp Lite PDU’s (e.g., PDUMH15AT)
– Tripp Lite UPS’s (e.g., SU750XL) *NEW*
======================
Vulnerability Summary:
======================
CVE-2019-16261 describes…
USN-7361-1: Libxslt vulnerability
Ivan Fratric discovered that Libxslt incorrectly handled certain memory
operations when handling documents. A remote attacker could use this issue
to cause Libxslt to crash, resulting in a denial of service, or possibly
execute arbitrary code.