CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 2024/08/22 7:42 p.m.•18 views

BIT-VALKEY-2023-25155 Integer Overflow in several Redis commands can lead to denial of service.

Redis is an in-memory database that persists on disk. Authenticated users issuing specially crafted SRANDMEMBER, ZRANDMEMBER, and HRANDFIELD commands can trigger an integer overflow, resulting in a runtime assertion and termination of the Redis server process. This problem affects all Redis...

6.5CVSS6.2AI score0.0504EPSS

Exploits0References6

OSV•added 2024/08/22 7:25 p.m.•20 views

BIT-KEYDB-2022-36021 Redis string pattern matching can be abused to achieve Denial of Service

Redis is an in-memory database that persists on disk. Authenticated users can use string matching commands like SCAN or KEYS with a specially crafted pattern to trigger a denial-of-service attack on Redis, causing it to hang and consume 100% CPU time. The problem is fixed in Redis versions 6.0.18...

5.5CVSS6AI score0.60647EPSS

Exploits0References3

OSV•added 2024/08/22 7:24 p.m.•16 views

BIT-KEYDB-2023-25155 Integer Overflow in several Redis commands can lead to denial of service.

6.5CVSS6.2AI score0.0504EPSS

Exploits0References6

OpenVAS•added 2024/03/15 12:0 a.m.•60 views

VMware Spring Framework < 5.3.33, 6.0.x < 6.0.18, 6.1.x < 6.1.5 SSRF Vulnerability - Linux

The VMware Spring Framework is prone to a server-side request forgery SSRF vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

8.1CVSS6.6AI score0.59593EPSS

Exploits1References2

OSV•added 2024/03/06 11:4 a.m.•29 views

BIT-REDIS-2023-25155 Integer Overflow in several Redis commands can lead to denial of service.

6.5CVSS6.2AI score0.0504EPSS

Exploits0References6

7.8CVSS8.1AI score0.01788EPSS

Remote Code Execution (RCE)

Overview Affected versions of this package are vulnerable to Remote Code Execution RCE. There is a vulnerability in the MSDIA SDK where corrupted PDBs can cause heap overflow, leading to a crash or remote code execution. Remediation Upgrade Microsoft.NETCore.App.Runtime.win-x86 to version 6.0.18,...

OSV•added 2023/06/14 12:0 a.m.•34 views

ALSA-2023:3581 Important: .NET 6.0 security, bug fix, and enhancement update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.118 and .NET Runtime 6.0.18. The...

7.5CVSS8AI score0.01159EPSS

Exploits0References10

7.3CVSS7.1AI score0.00873EPSS

Arbitrary Code Execution

Overview runtime.win-x64.Microsoft.NETCore.App is an internal implementation package not meant for direct consumption Affected versions of this package are vulnerable to Arbitrary Code Execution. A vulnerability exists in .NET during crash and stack trace scenarios that could lead to loading...

OpenVAS•added 2023/06/14 12:0 a.m.•33 views

.NET Core Multiple Vulnerabilities - Windows

.NET Core is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:microsoft:asp.netcore";...

7.8CVSS8.4AI score0.01788EPSS

6.5CVSS6.9AI score0.00166EPSS

Privilege Escalation

Overview Affected versions of this package are vulnerable to Privilege Escalation. A vulnerability exists in .NET using extracting the contents of a Tar file which may result in elevation of privileges. Remediation Upgrade Microsoft.NETCore.App.Runtime.linux-arm to version 6.0.18, 7.0.7 or higher...

7.5CVSS6.9AI score0.01159EPSS

Privilege Escalation

Overview Affected versions of this package are vulnerable to Privilege Escalation. A vulnerability exists in .NET when deserializing a DataSet or DataTable from XML which may result in elevation of privileges. Remediation Upgrade Microsoft.NETCore.App.Runtime.linux-musl-arm64 to version 6.0.18,...

AlmaLinux•added 2023/06/14 12:0 a.m.•65 views

Important: .NET 6.0 security, bug fix, and enhancement update

7.5CVSS7.8AI score0.01159EPSS

Exploits0References10

7.5CVSS7.1AI score0.01128EPSS

Denial of Service (DoS)

Overview Affected versions of this package are vulnerable to Denial of Service DoS. A vulnerability exists in .NET when processing malicious X.509 client certificates that may consume excessive CPU. Details Denial of Service DoS describes a family of attacks, all aimed at making a system...

6.5CVSS6.9AI score0.00166EPSS

Privilege Escalation

7.5CVSS9AI score0.01159EPSS

Privilege Escalation

7.5CVSS7.1AI score0.01128EPSS

Denial of Service (DoS)

7.8CVSS8.1AI score0.00986EPSS

Remote Code Execution (RCE)

Overview Affected versions of this package are vulnerable to Remote Code Execution RCE. A vulnerability exists in how WPF applications load and render XPS documents which may result in remote code execution. Remediation Upgrade Microsoft.WindowsDesktop.App.Runtime.win-x64 to version 6.0.18, 7.0.7...

Snyk•added 2023/06/14 12:0 a.m.•1 views

Remote Code Execution (RCE)

7.8CVSS8.1AI score0.00986EPSS

7.3CVSS7.5AI score0.00873EPSS

Arbitrary Code Execution

Overview Affected versions of this package are vulnerable to Arbitrary Code Execution. A vulnerability exists in .NET during crash and stack trace scenarios that could lead to loading arbitrary binaries. Remediation Upgrade Microsoft.NETCore.App.Runtime.win-x86 to version 6.0.18, 7.0.7 or higher...