13 matches found
Linux Distros Unpatched Vulnerability : CVE-2023-45145
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Redis is an in-memory database that persists on disk. On startup, Redis begins listening on a Unix socket before adjusting its permissions to the user-provided...
OESA-2024-2230 redis security update
Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. Security Fixes: Redis is an in-memory database that persists on disk. On startup, Redis begins listening on a Unix socket before adjusting its...
BIT-KEYDB-2023-45145 Redis Unix-domain socket may have been exposed with the wrong permissions for a short time window.
Redis is an in-memory database that persists on disk. On startup, Redis begins listening on a Unix socket before adjusting its permissions to the user-provided configuration. If a permissive umask(2) is used, this creates a race condition that enables, during a short period of time, another process...
Important: redis
Issue Overview: Redis is an in-memory database that persists on disk. Redis incorrectly handles resizing of memory buffers, which can result in integer overflow that leads to heap overflow and potential remote code execution. This issue has been patched in versions 7.0.15 and 7.2.4. CVE-2023-41056...
AZL-31653 CVE-2023-45145 affecting package redis for versions less than 6.2.14-1
Redis is an in-memory database that persists on disk. On startup, Redis begins listening on a Unix socket before adjusting its permissions to the user-provided configuration. If a permissive umask(2) is used, this creates a race condition that enables, during a short period of time, another process...
CVE-2023-45145 Redis Unix-domain socket may have been exposed with the wrong permissions for a short time window.
Redis is an in-memory database that persists on disk. On startup, Redis begins listening on a Unix socket before adjusting its permissions to the user-provided configuration. If a permissive umask(2) is used, this creates a race condition that enables, during a short period of time, another process...
mds-account-de-skr04 (>=6.2.5 <=6.2.6), trytoncalidae-authentication-dummy (=6.2.0) +179 more potentially affected by CVE-2022-26662 via trytond (=6.2.14)
trytond PYPI version =6.2.14 is affected by a known vulnerability. The following packages have a transitive dependency on trytond and may be impacted: - mds-account-de-skr04 =6.2.5, =6.2.0, =6.2.0, =6.2.0, =6.2.0, =6.2.0, =6.2.1 - trytond-account-credit-limit =6.2.0 - trytond-account-de-skr03...
mds-account-de-skr04 (>=6.2.5 <=6.2.6), trytoncalidae-authentication-dummy (=6.2.0) +179 more potentially affected by CVE-2022-26661 via trytond (=6.2.14)
trytond PYPI version =6.2.14 is affected by a known vulnerability. The following packages have a transitive dependency on trytond and may be impacted: - mds-account-de-skr04 =6.2.5, =6.2.0, =6.2.0, =6.2.0, =6.2.0, =6.2.0, =6.2.1 - trytond-account-credit-limit =6.2.0 - trytond-account-de-skr03...
CVE-2018-7431
Directory traversal vulnerability in the Splunk Django App in Splunk Enterprise 6.0.x before 6.0.14, 6.1.x before 6.1.13, 6.2.x before 6.2.14, 6.3.x before 6.3.10, 6.4.x before 6.4.6, and 6.5.x before 6.5.3; and Splunk Light before 6.6.0 allows remote authenticated users to read arbitrary files v...
Splunk Enterprise XSS Vulnerability (SP-CAAAPZ3)
Splunk Enterprise is prone to a persistent cross-site scripting (XSS) vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Typo3 CMS 6.2.14 / 4.5.40 Cross Site Scripting
secunet Security Networks AG Security Advisory Advisory: Typo3 Core sanitizeLocalUrl Non-Persistent Cross-Site Scripting 1. DETAILS ---------- Product: Typo3 CMS Vendor URL: typo3.org Type: Cross-site Scripting (CWE-79) Date found: 2015-07-30 Date published: 2015-09-14 CVSSv2 Score: 3,5...
PT-2011-1331 · Cre Loaded · Cre Loaded
Name of the Vulnerable Software and Affected Versions: CRE Loaded versions prior to 6.2.14 Description: The issue allows remote attackers to bypass authentication and gain administrator privileges. This is related to a modified PHP_SELF variable, which is not properly handled by includes in the...
Vulnerability in Sawmill for Solaris v. 6.2.14
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 = Warped Force Advisory 2 = Subject: Vulnerability in Sawmill for Solaris v. 6.2.14 Author: darky0da [email protected] Discovered: 2.8.02 Announced to BugTraq: 2.11.02 Vendor Status: Vendor notified on 2.9.02 and verified issue. Upgrade v. 6.2.15...