The vulnerability of the Citrix NetScaler Application Delivery Controller (previously Citrix ADC) and the Citrix NetScaler Gateway (previously Citrix Gateway) access control systems lies in the fact that operations are executed outside of the buffer in memory, allowing attackers to cause service failures.
The vulnerability of the Citrix NetScaler Application Delivery Controller (previously Citrix ADC) and the Citrix NetScaler Gateway (previously Citrix Gateway) access control systems lies in operations being performed outside the bounds of a memory buffer. Exploiting this vulnerability can allow an attacker to cau...
PT-2024-22764 · Sharp +1 · Multiple Mfps
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue involves user passwords being decrypted and stored in memory before any user logs in. These decrypted passwords can be retrieved from the...
PT-2024-23174 · Sharp +1 · Multiple Mfps
Name of the Vulnerable Software and Affected Versions: Product name affected versions not specified Description: The issue involves user passwords being decrypted and stored in memory before any user logs in. These decrypted passwords can be retrieved from the coredump file. Recommendations: At t...
Important: Red Hat Security Advisory: Red Hat Data Grid 8.5.2 security update
An update for Red Hat Data Grid 8 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...
Nextcloud Security Vulnerability
Nextcloud is an open source, self-hosted platform for file synchronization, sharing and communication from Nextcloud, Germany. Nextcloud suffers from a security vulnerability that stems from the fact that under certain circumstances, a user's password is stored in session data in a...
jenkins: Item creation restriction bypass vulnerability
A flaw was found in Jenkins. When attempting to create an item prohibited by ACL#hasCreatePermission2 or TopLevelItemDescriptor#isApplicableIn(ItemGroup) through the Jenkins CLI or the REST API, if either of these checks fails, Jenkins creates the item in memory and only deletes it from disk. This may...
[SECURITY] Fedora 40 Update: valkey-8.0.1-1.fc40
Valkey is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing s...
Incorrect Privilege Assignment
github.com/hashicorp/vault is vulnerable to Incorrect Privilege Assignment. The vulnerability is due to the mishandling of entries in an in-memory cache: a privileged operator could manipulate their cached record through an API endpoint on a node, potentially escalating their privileges to the...
[SECURITY] Fedora 41 Update: valkey-8.0.1-1.fc41
Valkey is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing s...
[SECURITY] Fedora 39 Update: redis-7.2.6-1.fc39
Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing se...
[SECURITY] Fedora 40 Update: redis-7.2.6-1.fc40
Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing se...
The vulnerability of the Remote Desktop Licensing Service for Windows operating systems allows a perpetrator to execute arbitrary code.
The vulnerability of the Remote Desktop Licensing Service for Windows operating systems is related to the use of unsafe mechanisms for processing authentication data in the operating system’s memory. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...
H2O Security Vulnerability
H2O is an in-memory platform for distributed, scalable machine learning open-sourced by H2O.ai. H2O suffers from a security vulnerability that stems from a possible crash due to assertion failure when configured as a reverse proxy and a client cancels an HTTP/3 request, which can be exploited by ...
In-memory Data Management Caching Tools: A Guide to the Best Options
In-memory data management caching tools store frequently accessed data in memory, which significantly improves performance by reducing how often the database needs to be accessed...
BIT-KEYDB-2024-31449 Lua library commands may lead to stack overflow and RCE in Redis
Redis is an open source, in-memory database that persists on disk. An authenticated user may use a specially crafted Lua script to trigger a stack buffer overflow in the bit library, which may potentially lead to remote code execution. The problem exists in all versions of Redis with Lua scriptin...
CVE-2024-31449
A flaw was found in Redis. This flaw allows an authenticated user to use a specially crafted Lua script to trigger a stack buffer overflow in the bit library, which may lead to remote code execution. The problem exists in all versions of Redis with Lua scripting. Mitigation Mitigation for this...
Enpass Password Manager Security Vulnerability
Enpass Password Manager is a cross-platform offline password manager from Enpass. A security vulnerability exists in Enpass Password Manager version 6.9.5 and earlier versions, which originates from sensitive information being stored in memory in plaintext...