Toshiba Electronic Devices & Storage Corporation Security Vulnerabilities

Backup Failing With `Too many snapshots` When Using Longhorn as a Storage Provisioner

Veeam Support Knowledge Base answer to: Backup Failing With Too many snapshots When Using Longhorn as a Storage...

electronic-direct.de Cross Site Scripting vulnerability OBB-3889041

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

Security Bulletin: Storage Virtualize Ansible Collection is affected by a vulnerability in the cryptography package

Summary Storage Virtualize Ansible Collection uses the cryptography package to provide common cryptographic algorithms. Version 41.0.7 of cryptography package is vulnerable to CVE-2023-50782. Vulnerability Details ** CVEID: CVE-2023-50782 DESCRIPTION: **Python Cryptographic Authority cryptography.....

Security Bulletin: IBM Storage Fusion HCI is vulnerable to denial of service due to Apache Commons Compress and ion-java.

Summary commons-compress and ion-java is used by IBM Storage Fusion HCI as part of the Backup and Restore service and may be vulnerable to the CVEs listed below. CVE-2024-26308, CVE-2024-25710, CVE-2024-21634. Vulnerability Details ** CVEID: CVE-2024-26308 DESCRIPTION: **Apache Commons Compress...

Security Bulletin: IBM Storage Fusion HCI is vulnerable to phishing attacks and cross-site request forgery due to follow-redirects and Axios.

Summary follow-redirects and Axios are used by IBM Storage Fusion HCI as part of the Installer and may be vulnerable to the CVE listed below. CVE-2023-26159, CVE-2023-45857. Vulnerability Details ** CVEID: CVE-2023-26159 DESCRIPTION: **follow-redirects could allow a remote attacker to conduct...

CVE-2023-2872

A vulnerability classified as problematic has been found in FlexiHub 5.5.14691.0. This affects the function 0x220088 in the library fusbhub.sys of the component IoControlCode Handler. The manipulation leads to null pointer dereference. An attack has to be approached locally. The exploit has been...

Security Bulletin: Multiple vulnerabilities in jquery affect IBM Storage Scale

Summary There are multiple vulnerabilities in jquery, used by IBM Storage Scale HDFS transparency, which could allow cross-site scripting, caused by improper validation of user-supplied input. Vulnerability Details ** CVEID: CVE-2012-6708 DESCRIPTION: **jQuery is vulnerable to cross-site...

Security Bulletin: Multiple vulnerabilities in moment.js affect IBM Storage Scale

Summary There are multiple vulnerabilities in moment.js, used by IBM Storage Scale HDFS transparency, which can cause a denial of service or allow a remote attacker to traverse directories on the system. CVE-2017-18214, CVE-2022-24785, CVE-2016-4055, CVE-2022-31129. Vulnerability Details ** CVEID:....

CVE-2022-30187

Azure Storage Library Information Disclosure...

libvirt security and bug fix update

An update is available for libvirt. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The libvirt library contains a C API for managing and interacting with the...

NETGEAR Devices Password Disclosure Vulnerability

Multiple NETGEAR devices are prone to an admin password disclosure ...

Security Bulletin: Vulnerability in PostgreSQL affects IBM Storage Scale (CVE-2024-1597)

Summary PostgreSQL could allow a remote attacker to gain unauthorized access to the system which affects IBM Storage Scale GUI. Vulnerability Details ** CVEID: CVE-2024-1597 DESCRIPTION: **PostgreSQL JDBC Driver (PgJDBC) is vulnerable to SQL injection. A remote attacker could send specially...

Security Bulletin: Storage Virtualize Ansible Collection is affected by a vulnerability in the Python Cryptographic Authority package

Summary The Python cryptography package which provides both high level recipes and low level interfaces to common cryptographic algorithms such as symmetric ciphers, message digests, and key derivation functions, is used by IBM Ansible plug-in. This library is vulnerable to CVE-2024-26130....

How to Connect to an Object Storage Repository via AWS Privatelink / Direct Connect

This article documents how to configure Veeam Backup & Replication to use AWS PrivateLink or AWS Direct Connect for Scale-Out Backup Repository offload to Capacity Tier or Archive...

CVE-2024-20676

Azure Storage Mover Remote Code Execution...

Zyxel NAS Firmware 5.21- Remote Code Execution

'Multiple Zyxel network-attached storage (NAS) devices running firmware version 5.21 contain a pre-authentication command injection vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable device. Zyxel NAS devices achieve authentication by using.....

SolarWinds Storage Resource Monitor / SolarWinds Storage Manager Detection (credentialed check)

SolarWinds Storage Resource Monitor (formerly SolarWinds Storage Manager), a web-based storage management application, was detected on the remote...

Moderate: libvirt security and bug fix update

The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. Security Fixes: libvirt: off-by-one error in udevListInterfacesByStatus()...

Security Context Constraints(SCC) capabilities setting for Generic Storage Backup and Restore with OCP 4.11 or higher

This article describes Security Context Constraints(SCC) capabilities that need to be added to use Generic Backup and Restore feature capabilities on OCP 4.11 and...

Moderate: libvirt security update

The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. Security Fix(es): libvirt: NULL pointer dereference in...

Stratus ftScalable Storage SLP Detection

The remote host indicates that it is a Stratus ftScalable SAN via its SLP attribute...

source-controller leaks Azure Storage SAS token into logs in github.com/fluxcd/source-controller

source-controller leaks Azure Storage SAS token into logs in...

HPE Smart Storage Administrator Installed

HPE Smart Storage Administrator, an enterprise storage controller management application, is installed on the remote Windows...

Sitecom Devices Hard-Coded Credentials (Telnet)

The remote Sitecom Device is using known hard-coded ...

libvirt security and bug fix update

[10.0.0-6.2.0.1] - Set SOURCE_DATE_EPOCH from changelog [Orabug: 32019554] [10.0.0-6.2.el9_4] - qemu: Fix migration with custom XML (RHEL-32654) [10.0.0-6.1.el9_4] - Fix off-by-one error in udevListInterfacesByStatus (CVE-2024-1441, RHEL-25081) - remote: check for negative array lengths before...

Lenovo ThinkSystem Storage SLP Detection

The remote host indicates that it is a Lenovo ThinkSystem SAN via its SLP attribute...

HPE MSA Storage SLP Detection

The remote host indicates that it is an HPE MSA Storage SAN via its SLP attribute...

Using Electronic Health Records (EHRs) for Healthcare Data Extraction

Electronic health records (EHRs) have become crucial tools for storing and managing patient information. These digital records...

Multiple Linksys Devices Multiple RCE Vulnerabilities

Multiple Linksys devices are prone to multiple remote code execution (RCE)...

Using Object Storage with Veeam Products

Support for S3 and S3-compatible, versioning is not required unless using object lock. With Azure Blob versioning, soft-delete, change feed, point in time restore, and immutability are not...

Kopia: Storage connection credentials written to console on "repository status" CLI command with JSON output

Impact What kind of vulnerability is it? Who is impacted? Storage credentials are written to the console. Patches Has the problem been patched? Yes, see #3589 What versions should users upgrade to? - Any version after or including commit 1d6f852cd6534f4bea978cbdc85c583803d79f77 - No release has...

Security Bulletin: IBM Virtualization Engine TS7700 is susceptible to multiple vulnerabilities due to the use of IBM Db2

Summary IBM Virtualization Engine TS7700 is susceptible to the vulnerabilities listed below due to the embedded use of IBM Db2. IBM Db2 is used in TS7700 to store metadata about the data it manages. CVE-2023-30431, CVE-2023-29257, CVE-2023-26021, CVE-2023-25930, CVE-2023-27559, CVE-2023-40692....

Security Bulletin: Multiple vulnerabilities in IBM WebSphere Application Server Liberty affects IBM Storage Scale packaged in IBM Storage Scale System

Summary There are vulnerabilities in IBM WebSphere Application Server Liberty, used by IBM Storage Scale System GUI, which could allow a remote attacker to cause a denial of service. Vulnerability Details ** CVEID: CVE-2023-22081 DESCRIPTION: **An unspecified vulnerability in Java SE related to...

Security Bulletin: Multiple Linux Kernel vulnerabilities affects IBM Storage Scale System.

Summary There are multiple vulnerabilities in the Linux Kernel, used by IBM Storage Scale System, which could allow a denial of service. Fixes for these vulnerabilities are available. CVE-2023-5178, CVE-2023-3609, CVE-2023-45871, CVE-2023-4732, CVE-2023-1192. Vulnerability Details ** CVEID:...

gix refs and paths with reserved Windows device names access the devices

Summary On Windows, fetching refs that clash with legacy device names reads from the devices, and checking out paths that clash with such names writes arbitrary data to the devices. This allows a repository, when cloned, to cause indefinite blocking or the production of arbitrary message that...

Security Bulletin: Vulnerabilities in IBM Java affect IBM SAN Volume Controller, IBM Storwize, IBM Storage Virtualize and IBM FlashSystem products

Summary Vulnerabilities in IBM® Runtime Environment Java™ Technology Edition affects the product's management GUI. The Command Line Interface is unaffected. CVE-2024-20952, CVE-2024-20918, CVE-2024-20921, CVE-2024-20919, CVE-2024-20926, CVE-2024-20945, CVE-2023-33850. Vulnerability Details **...

ShareFile Storage Zones Controller Installed (Windows)

Citrix ShareFile Storage Zones Controller was detected on the remote Windows host. ShareFile is a secure content collaboration, file sharing and sync solution. Storage Zones Controller provides private data storage, either an on-premises network share that you manage or a supported third-party...

Security Bulletin: Vulnerabilities in Apache Tomcat affect IBM SAN Volume Controller, IBM Storwize, IBM Storage Virtualize and IBM FlashSystem products

Summary Vulnerabilities in Apache Tomcat affect the product's management GUI, potentially allowing denial of service. The Command Line Interface is unaffected. CVE-2024-23672, CVE-2024-24549. Vulnerability Details ** CVEID: CVE-2024-23672 DESCRIPTION: **Apache Tomcat is vulnerable to a denial of...

SolarWinds Storage Manager AuthenticationFilter RCE Vulnerability

SolarWinds Storage Manager is prone to a remote code execution (RCE)...

libvirt vulnerability

Releases Ubuntu 24.04 LTS Packages libvirt - Libvirt virtualization toolkit Details Martin Širokov discovered that libvirt incorrectly handled certain memory operations. A local attacker could possibly use this issue to access virtproxyd without...

Security Bulletin: Vulnerability in node.js package affects IBM Storage Scale GUI (CVE-2023-42282)

Summary There is a vulnerability in node.js package, used by IBM Storage Scale GUI. Fix for this issue is available in all versions. Vulnerability Details ** CVEID: CVE-2023-42282 DESCRIPTION: **Node.js IP package could allow a remote attacker to execute arbitrary code on the system, caused by a...

ShareFile Storage Zones Controller Web Detection

The web interface for Citrix ShareFile Storage Zones Controller was detected on the remote host. ShareFile is a secure content collaboration, file sharing and sync solution. Storage Zones Controller provides private data storage, either an on-premises network share that you manage or a supported...

D-Link DNS Devices RCE Vulnerability (SAP10183)

D-Link DNS-320 devices are prone to a remote code execution (RCE)...

Multiple DVR Devices Multiple Vulnerabilities (Feb 2016)

Multiple Digital Video Recorder (DVR) devices are prone to authentication bypass and remote code execution (RCE)...

gix refs and paths with reserved Windows device names access the devices

Summary On Windows, fetching refs that clash with legacy device names reads from the devices, and checking out paths that clash with such names writes arbitrary data to the devices. This allows a repository, when cloned, to cause indefinite blocking or the production of arbitrary message that...

CVE-2024-36497 Unhashed Storage of Password

The decrypted configuration file contains the password in cleartext which is used to configure WINSelect. It can be used to remove the existing restrictions and disable WINSelect...

IBM Spectrum Protect / Tivoli Storage Manager Installed

IBM Spectrum Protect, formerly known as Tivoli Storage Manager, a backup and data protection server, is installed on the remote Windows...

IBM Tivoli Storage Manager Client Installed (Linux)

IBM Tivoli Storage Manager Client, a backup management client, is installed on the remote Linux...

CVE-2024-36497 Unhashed Storage of Password

The decrypted configuration file contains the password in cleartext which is used to configure WINSelect. It can be used to remove the existing restrictions and disable WINSelect...

libvirt security update

[10.0.0-6.0.1] - Set SOURCE_DATE_EPOCH from changelog [Orabug: 32019554] [10.0.0-6] - qemu: virtiofs: do not crash if cgroups are missing (RHEL-7386) - qemu: virtiofs: set correct label when creating the socket (RHEL-7386) - qemu: virtiofs: error out if getting the group or user name fails...