Backup Failing With `Too many snapshots` When Using Longhorn as a Storage Provisioner
Veeam Support Knowledge Base answer to: Backup Failing With Too many snapshots When Using Longhorn as a Storage...
7.1AI Score
electronic-direct.de Cross Site Scripting vulnerability OBB-3889041
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
Summary Storage Virtualize Ansible Collection uses the cryptography package to provide common cryptographic algorithms. Version 41.0.7 of cryptography package is vulnerable to CVE-2023-50782. Vulnerability Details CVEID: CVE-2023-50782 DESCRIPTION: Python Cryptographic Authority cryptography.....
7.5CVSS
6.4AI Score
0.001EPSS
Summary commons-compress and ion-java are used by IBM Storage Fusion HCI as part of the Backup and Restore service and may be vulnerable to the CVEs listed below. CVE-2024-26308, CVE-2024-25710, CVE-2024-21634. Vulnerability Details CVEID: CVE-2024-26308 DESCRIPTION: Apache Commons Compress...
8.1CVSS
6.1AI Score
0.001EPSS
Summary follow-redirects and Axios are used by IBM Storage Fusion HCI as part of the Installer and may be vulnerable to the CVEs listed below. CVE-2023-26159, CVE-2023-45857. Vulnerability Details CVEID: CVE-2023-26159 DESCRIPTION: follow-redirects could allow a remote attacker to conduct...
7.3CVSS
7.1AI Score
0.001EPSS
A vulnerability classified as problematic has been found in FlexiHub 5.5.14691.0. This affects the function 0x220088 in the library fusbhub.sys of the component IoControlCode Handler. The manipulation leads to null pointer dereference. An attack has to be approached locally. The exploit has been...
5.5CVSS
5.5AI Score
0.0004EPSS
Security Bulletin: Multiple vulnerabilities in jquery affect IBM Storage Scale
Summary There are multiple vulnerabilities in jquery, used by IBM Storage Scale HDFS transparency, which could allow cross-site scripting, caused by improper validation of user-supplied input. Vulnerability Details CVEID: CVE-2012-6708 DESCRIPTION: jQuery is vulnerable to cross-site...
6.1CVSS
9.8AI Score
0.008EPSS
Security Bulletin: Multiple vulnerabilities in moment.js affect IBM Storage Scale
Summary There are multiple vulnerabilities in moment.js, used by IBM Storage Scale HDFS transparency, which can cause a denial of service or allow a remote attacker to traverse directories on the system. CVE-2017-18214, CVE-2022-24785, CVE-2016-4055, CVE-2022-31129. Vulnerability Details CVEID:....
7.5CVSS
8.2AI Score
0.008EPSS
4.7CVSS
4.7AI Score
0.0005EPSS
libvirt security and bug fix update
An update is available for libvirt. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The libvirt library contains a C API for managing and interacting with the...
6.2CVSS
7.3AI Score
0.001EPSS
NETGEAR Devices Password Disclosure Vulnerability
Multiple NETGEAR devices are prone to an admin password disclosure ...
8.1CVSS
8.3AI Score
0.973EPSS
Security Bulletin: Vulnerability in PostgreSQL affects IBM Storage Scale (CVE-2024-1597)
Summary PostgreSQL could allow a remote attacker to gain unauthorized access to the system which affects IBM Storage Scale GUI. Vulnerability Details CVEID: CVE-2024-1597 DESCRIPTION: PostgreSQL JDBC Driver (PgJDBC) is vulnerable to SQL injection. A remote attacker could send specially...
10CVSS
9.7AI Score
0.001EPSS
Summary The Python cryptography package which provides both high level recipes and low level interfaces to common cryptographic algorithms such as symmetric ciphers, message digests, and key derivation functions, is used by IBM Ansible plug-in. This library is vulnerable to CVE-2024-26130....
7.5CVSS
6.3AI Score
0.0004EPSS
How to Connect to an Object Storage Repository via AWS Privatelink / Direct Connect
This article documents how to configure Veeam Backup & Replication to use AWS PrivateLink or AWS Direct Connect for Scale-Out Backup Repository offload to Capacity Tier or Archive...
6.9AI Score
8CVSS
8.4AI Score
0.009EPSS
Zyxel NAS Firmware 5.21- Remote Code Execution
Multiple Zyxel network-attached storage (NAS) devices running firmware version 5.21 contain a pre-authentication command injection vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable device. Zyxel NAS devices achieve authentication by using.....
9.8CVSS
10AI Score
0.968EPSS
SolarWinds Storage Resource Monitor / SolarWinds Storage Manager Detection (credentialed check)
SolarWinds Storage Resource Monitor (formerly SolarWinds Storage Manager), a web-based storage management application, was detected on the remote...
1AI Score
Moderate: libvirt security and bug fix update
The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. Security Fixes: libvirt: off-by-one error in udevListInterfacesByStatus()...
6.2CVSS
6.9AI Score
0.001EPSS
This article describes the Security Context Constraints (SCC) capabilities that need to be added to use the Generic Backup and Restore feature on OCP 4.11 and...
7AI Score
Moderate: libvirt security update
The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. Security Fix(es): libvirt: NULL pointer dereference in...
5CVSS
6.7AI Score
0.0004EPSS
Stratus ftScalable Storage SLP Detection
The remote host indicates that it is a Stratus ftScalable SAN via its SLP attribute...
7AI Score
source-controller leaks Azure Storage SAS token into logs in github.com/fluxcd/source-controller
source-controller leaks Azure Storage SAS token into logs in...
5.1CVSS
6.4AI Score
0.0004EPSS
HPE Smart Storage Administrator Installed
HPE Smart Storage Administrator, an enterprise storage controller management application, is installed on the remote Windows...
1.6AI Score
Sitecom Devices Hard-Coded Credentials (Telnet)
The remote Sitecom Device is using known hard-coded ...
7.5AI Score
libvirt security and bug fix update
[10.0.0-6.2.0.1] - Set SOURCE_DATE_EPOCH from changelog [Orabug: 32019554] [10.0.0-6.2.el9_4] - qemu: Fix migration with custom XML (RHEL-32654) [10.0.0-6.1.el9_4] - Fix off-by-one error in udevListInterfacesByStatus (CVE-2024-1441, RHEL-25081) - remote: check for negative array lengths before...
6.2CVSS
8.3AI Score
0.001EPSS
Lenovo ThinkSystem Storage SLP Detection
The remote host indicates that it is a Lenovo ThinkSystem SAN via its SLP attribute...
7AI Score
The remote host indicates that it is an HPE MSA Storage SAN via its SLP attribute...
7.1AI Score
Using Electronic Health Records (EHRs) for Healthcare Data Extraction
Electronic health records (EHRs) have become crucial tools for storing and managing patient information. These digital records...
7.4AI Score
Multiple Linksys Devices Multiple RCE Vulnerabilities
Multiple Linksys devices are prone to multiple remote code execution (RCE)...
7.7AI Score
Using Object Storage with Veeam Products
Support for S3 and S3-compatible, versioning is not required unless using object lock. With Azure Blob versioning, soft-delete, change feed, point in time restore, and immutability are not...
2.7AI Score
Impact What kind of vulnerability is it? Who is impacted? Storage credentials are written to the console. Patches Has the problem been patched? Yes, see #3589 What versions should users upgrade to? - Any version after or including commit 1d6f852cd6534f4bea978cbdc85c583803d79f77 - No release has...
7.1AI Score
Summary IBM Virtualization Engine TS7700 is susceptible to the vulnerabilities listed below due to the embedded use of IBM Db2. IBM Db2 is used in TS7700 to store metadata about the data it manages. CVE-2023-30431, CVE-2023-29257, CVE-2023-26021, CVE-2023-25930, CVE-2023-27559, CVE-2023-40692....
8.4CVSS
10AI Score
0.003EPSS
Summary There are vulnerabilities in IBM WebSphere Application Server Liberty, used by IBM Storage Scale System GUI, which could allow a remote attacker to cause a denial of service. Vulnerability Details CVEID: CVE-2023-22081 DESCRIPTION: An unspecified vulnerability in Java SE related to...
5.9CVSS
6.4AI Score
0.001EPSS
Security Bulletin: Multiple Linux Kernel vulnerabilities affects IBM Storage Scale System.
Summary There are multiple vulnerabilities in the Linux Kernel, used by IBM Storage Scale System, which could allow a denial of service. Fixes for these vulnerabilities are available. CVE-2023-5178, CVE-2023-3609, CVE-2023-45871, CVE-2023-4732, CVE-2023-1192. Vulnerability Details CVEID:...
8.8CVSS
9.2AI Score
0.024EPSS
gix refs and paths with reserved Windows device names access the devices
Summary On Windows, fetching refs that clash with legacy device names reads from the devices, and checking out paths that clash with such names writes arbitrary data to the devices. This allows a repository, when cloned, to cause indefinite blocking or the production of arbitrary message that...
5.4CVSS
7.1AI Score
0.0004EPSS
Summary Vulnerabilities in IBM® Runtime Environment Java™ Technology Edition affect the product's management GUI. The Command Line Interface is unaffected. CVE-2024-20952, CVE-2024-20918, CVE-2024-20921, CVE-2024-20919, CVE-2024-20926, CVE-2024-20945, CVE-2023-33850. Vulnerability Details ...
7.5CVSS
6.9AI Score
0.001EPSS
ShareFile Storage Zones Controller Installed (Windows)
Citrix ShareFile Storage Zones Controller was detected on the remote Windows host. ShareFile is a secure content collaboration, file sharing and sync solution. Storage Zones Controller provides private data storage, either an on-premises network share that you manage or a supported third-party...
0.9AI Score
Summary Vulnerabilities in Apache Tomcat affect the product's management GUI, potentially allowing denial of service. The Command Line Interface is unaffected. CVE-2024-23672, CVE-2024-24549. Vulnerability Details CVEID: CVE-2024-23672 DESCRIPTION: Apache Tomcat is vulnerable to a denial of...
7.5AI Score
0.0004EPSS
SolarWinds Storage Manager AuthenticationFilter RCE Vulnerability
SolarWinds Storage Manager is prone to a remote code execution (RCE)...
7.8AI Score
Releases Ubuntu 24.04 LTS Packages libvirt - Libvirt virtualization toolkit Details Martin Širokov discovered that libvirt incorrectly handled certain memory operations. A local attacker could possibly use this issue to access virtproxyd without...
6.2CVSS
7.2AI Score
0.0004EPSS
Security Bulletin: Vulnerability in node.js package affects IBM Storage Scale GUI (CVE-2023-42282)
Summary There is a vulnerability in a node.js package, used by IBM Storage Scale GUI. Fix for this issue is available in all versions. Vulnerability Details CVEID: CVE-2023-42282 DESCRIPTION: Node.js IP package could allow a remote attacker to execute arbitrary code on the system, caused by a...
9.8CVSS
9.8AI Score
0.001EPSS
ShareFile Storage Zones Controller Web Detection
The web interface for Citrix ShareFile Storage Zones Controller was detected on the remote host. ShareFile is a secure content collaboration, file sharing and sync solution. Storage Zones Controller provides private data storage, either an on-premises network share that you manage or a supported...
0.7AI Score
D-Link DNS Devices RCE Vulnerability (SAP10183)
D-Link DNS-320 devices are prone to a remote code execution (RCE)...
9.8CVSS
9.7AI Score
0.974EPSS
Multiple DVR Devices Multiple Vulnerabilities (Feb 2016)
Multiple Digital Video Recorder (DVR) devices are prone to authentication bypass and remote code execution (RCE)...
8.8AI Score
CVE-2024-36497 Unhashed Storage of Password
The decrypted configuration file contains the password in cleartext which is used to configure WINSelect. It can be used to remove the existing restrictions and disable WINSelect...
0.0004EPSS
IBM Spectrum Protect / Tivoli Storage Manager Installed
IBM Spectrum Protect, formerly known as Tivoli Storage Manager, a backup and data protection server, is installed on the remote Windows...
2.3AI Score
IBM Tivoli Storage Manager Client Installed (Linux)
IBM Tivoli Storage Manager Client, a backup management client, is installed on the remote Linux...
1.2AI Score
CVE-2024-36497 Unhashed Storage of Password
The decrypted configuration file contains the password in cleartext which is used to configure WINSelect. It can be used to remove the existing restrictions and disable WINSelect...
7AI Score
0.0004EPSS
[10.0.0-6.0.1] - Set SOURCE_DATE_EPOCH from changelog [Orabug: 32019554] [10.0.0-6] - qemu: virtiofs: do not crash if cgroups are missing (RHEL-7386) - qemu: virtiofs: set correct label when creating the socket (RHEL-7386) - qemu: virtiofs: error out if getting the group or user name fails...
5CVSS
7.3AI Score
0.0004EPSS