It was discovered that Netty did not properly sanitize its input
parameters. A remote attacker could possibly use this issue to cause a
crash. (CVE-2023-34462)
It was discovered that Netty incorrectly handled request cancellation. A
remote attacker could possibly use this issue to cause Netty to consume
resources, leading to a denial of service. (CVE-2023-44487)
It was discovered that AIOHTTP did not properly restrict file access when
the ‘follow_symlinks’ option was set to True. A remote attacker could
possibly use this issue to access unauthorized files on the system.
Multiple vulnerabilities have been discovered in Veeam Products, the most severe of which could allow for remote code execution.
Veeam Backup & Replication is a proprietary backup app.
Veeam ONE is a solution for managing virtual and data protection environments.
Veeam Service Provider Console provides centralized monitoring and management capabilities for Veeam protected virtual, Microsoft 365, and public cloud workloads.
Veeam Agent for Linux is a backup agent that’s designed Linux Instances.
Veeam Backup for Nutanix.
Veeam Backup for Oracle Linux Virtualization Manager and Red Hat Virtualization.
Successful exploitation of the most severe of these vulnerabilities could allow for remote code execution in the context of the system. Depending on the privileges associated with the system, an attacker could then install programs; view, change, or delete data.
CVE-2024-20506: Changed the logging module to disable following symlinks on Linux and Unix systems so as to prevent an attacker with existing access to the ‘clamd’ or ‘freshclam’ services from using a symlink to corrupt system files.
CVE-2024-20505: Fixed a possible out-of-bounds read bug in the PDF file parser that could cause a denial-of-service (DoS) condition.