General Bytes Crypto Application Server (CAS) 20230120, as distributed with General Bytes BATM devices, allows remote attackers to execute arbitrary Java code by uploading a Java application to the /batm/app/admin/standalone/deployments directory, aka BATM-4780, as exploited in the wild in March 2023.

An issue was discovered in Veritas NetBackup before 8.3.0.2. BPCD allows an unprivileged user to specify a log file path when executing a NetBackup command. This can be used to overwrite existing NetBackup log files.

An issue was discovered in Veritas NetBackup before 10.0. A vulnerability in the way NetBackup validates the path to a DLL prior to loading may allow a lower level user to elevate privileges and compromise the system.

An issue was discovered in the Linux kernel before 5.13.3. lib/seq_buf.c has a seq_buf_putmem_hex buffer overflow.

An issue was discovered in Veritas NetBackup IT Analytics 11 before 11.2.0. The application upgrade process included unsigned files that could be exploited and result in a customer installing unauthentic components. A malicious actor could install rogue Collector executable files (aptare.jar or upgrademanager.zip) on the Portal server, which might then be downloaded and installed on collectors.

Redis-py before 4.5.3, as used in ChatGPT and other products, leaves a connection open after canceling an async Redis command at an inopportune time (in the case of a pipeline operation), and can send response data to the client of an unrelated request in an off-by-one manner. The fixed versions for this CVE Record are 4.3.6, 4.4.3, and 4.5.3; however, CVE-2023-28859 is a separate vulnerability.

Redis-py through 4.5.3 leaves a connection open after canceling an async Redis command at an inopportune time (in the case of a non-pipeline operation), and can send response data to the client of an unrelated request. NOTE: this issue exists because of an incomplete fix for CVE-2023-28858.

In the Linux kernel through 6.2.8, net/bluetooth/hci_sync.c allows out-of-bounds access because amp_init1 and amp_init2 are supposed to have an intentionally invalid element, but do not.

In GraphQL Java (aka graphql-java) before 20.1, an attacker can send a crafted GraphQL query that causes stack consumption.