Advisories

USN-6994-1: Netty vulnerabilities

Read Time:18 Second

It was discovered that Netty did not properly sanitize its input
parameters. A remote attacker could possibly use this issue to cause a
crash. (CVE-2023-34462)

It was discovered that Netty incorrectly handled request cancellation. A
remote attacker could possibly use this issue to cause Netty to consume
resources, leading to a denial of service. (CVE-2023-44487)

Read More

Advisories

Multiple Vulnerabilities in Veeam Products Could Allow for Remote Code Execution

Read Time:38 Second

Multiple vulnerabilities have been discovered in Veeam Products, the most severe of which could allow for remote code execution.

Veeam Backup & Replication is a proprietary backup app.
Veeam ONE is a solution for managing virtual and data protection environments.
Veeam Service Provider Console provides centralized monitoring and management capabilities for Veeam protected virtual, Microsoft 365, and public cloud workloads.
Veeam Agent for Linux is a backup agent that’s designed Linux Instances.
Veeam Backup for Nutanix.
Veeam Backup for Oracle Linux Virtualization Manager and Red Hat Virtualization.

Successful exploitation of the most severe of these vulnerabilities could allow for remote code execution in the context of the system. Depending on the privileges associated with the system, an attacker could then install programs; view, change, or delete data.

Read More

Advisories

clamav-1.0.7-1.fc40

Read Time:25 Second

FEDORA-2024-e8f7a74693

Packages in this update:

clamav-1.0.7-1.fc40

Update description:

Update to 1.0.7

CVE-2024-20506: Changed the logging module to disable following symlinks on Linux and Unix systems so as to prevent an attacker with existing access to the ‘clamd’ or ‘freshclam’ services from using a symlink to corrupt system files.
CVE-2024-20505: Fixed a possible out-of-bounds read bug in the PDF file parser that could cause a denial-of-service (DoS) condition.

Read More

News, Advisories and much more

Exit mobile version