Lucene search
K

780 matches found

Positive Technologies
Positive Technologies
added 2024/09/26 12:0 a.m.3 views

PT-2024-39486 · Unknown · Enpass Password Manager

Name of the Vulnerable Software and Affected Versions: Enpass Password Manager versions up to 6.9.5 Description: A vulnerability has been found in Enpass Password Manager, which affects some unknown processing and leads to cleartext storage of sensitive information in memory. The manipulation...

2.5CVSS6.6AI score0.00135EPSS
Exploits0References9
BDU FSTEC
BDU FSTEC
added 2024/09/23 12:0 a.m.6 views

The vulnerability of the ColdFusion software platform, related to the restoration of unreliable data in memory, allows a hacker to execute arbitrary code.

The vulnerability of the ColdFusion software platform lies in the recovery of unreliable data in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code using a specially created malicious file...

10CVSS6AI score0.30326EPSS
Exploits0References2
OSV
OSV
added 2024/08/22 7:44 p.m.28 views

BIT-VALKEY-2022-24735 Lua scripts can be manipulated to overcome ACL rules in Redis

Redis is an in-memory database that persists on disk. By exploiting weaknesses in the Lua script execution environment, an attacker with access to Redis prior to version 7.0.0 or 6.2.7 can inject Lua code that will execute with the potentially higher privileges of another Redis user. The Lua scri...

7.8CVSS6.5AI score0.02189EPSS
Exploits1References11
OSV
OSV
added 2024/08/22 7:44 p.m.12 views

BIT-VALKEY-2022-24736 A Malformed Lua script can crash Redis

Redis is an in-memory database that persists on disk. Prior to versions 6.2.7 and 7.0.0, an attacker attempting to load a specially crafted Lua script can cause NULL pointer dereference which will result with a crash of the redis-server process. The problem is fixed in Redis versions 7.0.0 and...

5.5CVSS5.5AI score0.01498EPSS
Exploits1References11
OSV
OSV
added 2024/08/22 7:44 p.m.25 views

BIT-VALKEY-2022-24834 Heap overflow issue with the Lua cjson library used by Redis

Redis is an in-memory database that persists on disk. A specially crafted Lua script executing in Redis can trigger a heap overflow in the cjson library, and result with heap corruption and potentially remote code execution. The problem exists in all versions of Redis with Lua scripting support,...

8.8CVSS8.1AI score0.4292EPSS
Exploits1References5
OSV
OSV
added 2024/08/22 7:42 p.m.22 views

BIT-VALKEY-2023-28425 Specially crafted MSETNX command can lead to denial-of-service

Redis is an in-memory database that persists on disk. Starting in version 7.0.8 and prior to version 7.0.10, authenticated users can use the MSETNX command to trigger a runtime assertion and termination of the Redis server process. The problem is fixed in Redis version 7.0.10...

5.5CVSS5.5AI score0.54978EPSS
Exploits0References5
OSV
OSV
added 2024/08/22 7:41 p.m.19 views

BIT-VALKEY-2023-28856 `HINCRBYFLOAT` can be used to crash a redis-server process

Redis is an open source, in-memory database that persists on disk. Authenticated users can use the HINCRBYFLOAT command to create an invalid hash field that will crash Redis on access in affected versions. This issue has been addressed in in versions 7.0.11, 6.2.12, and 6.0.19. Users are advised ...

6.5CVSS6.2AI score0.00963EPSS
Exploits0References9
OSV
OSV
added 2024/08/22 7:41 p.m.18 views

BIT-VALKEY-2023-36824 Heap overflow in COMMAND GETKEYS and ACL evaluation in Redis

Redis is an in-memory database that persists on disk. In Redit 7.0 prior to 7.0.12, extracting key names from a command and a list of arguments may, in some cases, trigger a heap overflow and result in reading random heap memory, heap corruption and potentially remote code execution. Several...

8.8CVSS8.5AI score0.74822EPSS
Exploits0References6
OSV
OSV
added 2024/08/22 7:40 p.m.21 views

BIT-VALKEY-2023-41053 Redis SORT_RO may bypass ACL configuration

Redis is an in-memory database that persists on disk. Redis does not correctly identify keys accessed by SORTRO and as a result may grant users executing this command access to keys that are not explicitly authorized by the ACL configuration. The problem exists in Redis 7.0 or newer and has been...

3.3CVSS4AI score0.0034EPSS
Exploits0References6
OSV
OSV
added 2024/08/22 7:40 p.m.24 views

BIT-VALKEY-2023-41056 Redis vulnerable to integer overflow in certain payloads

Redis is an in-memory database that persists on disk. Redis incorrectly handles resizing of memory buffers which can result in integer overflow that leads to heap overflow and potential remote code execution. This issue has been patched in version 7.0.15 and 7.2.4...

8.1CVSS8.3AI score0.02582EPSS
Exploits0References7
OSV
OSV
added 2024/08/22 7:40 p.m.20 views

BIT-VALKEY-2023-45145 Redis Unix-domain socket may have be exposed with the wrong permissions for a short time window.

Redis is an in-memory database that persists on disk. On startup, Redis begins listening on a Unix socket before adjusting its permissions to the user-provided configuration. If a permissive umask2 is used, this creates a race condition that enables, during a short period of time, another process...

3.6CVSS5.5AI score0.00444EPSS
Exploits0References8
OSV
OSV
added 2024/08/22 7:27 p.m.24 views

BIT-KEYDB-2022-24735 Lua scripts can be manipulated to overcome ACL rules in Redis

Redis is an in-memory database that persists on disk. By exploiting weaknesses in the Lua script execution environment, an attacker with access to Redis prior to version 7.0.0 or 6.2.7 can inject Lua code that will execute with the potentially higher privileges of another Redis user. The Lua scri...

7.8CVSS6.5AI score0.02189EPSS
Exploits1References11
OSV
OSV
added 2024/08/22 7:22 p.m.28 views

BIT-KEYDB-2023-45145 Redis Unix-domain socket may have be exposed with the wrong permissions for a short time window.

Redis is an in-memory database that persists on disk. On startup, Redis begins listening on a Unix socket before adjusting its permissions to the user-provided configuration. If a permissive umask2 is used, this creates a race condition that enables, during a short period of time, another process...

3.6CVSS6.1AI score0.00444EPSS
Exploits0References8
Citrix
Citrix
added 2024/07/13 12:0 a.m.9 views

Relating IntelliCache and In-memory Read Caching

Introduced in XenServer 5.6 SP1, IntelliCache is designed to reduce the volume of storage I/O hitting the network and the storage repository SR shared with other hosts. Introduced in XenServer 6.5, in-memory read-caching is designed to reduce the volume of storage I/O hitting an SR and reduce I/O...

6.8AI score
Exploits0
Positive Technologies
Positive Technologies
added 2024/07/08 12:0 a.m.7 views

PT-2024-9863 · Sap · Sap Gui For Windows

Name of the Vulnerable Software and Affected Versions: SAP GUI for Windows affected versions not specified Description: The issue is related to the SAP GUI for Windows, where under certain conditions, the memory contains the password used to log on to an SAP system. This could allow an attacker t...

5CVSS6.9AI score0.00148EPSS
Exploits0References8
Cvelist
Cvelist
added 2024/06/18 5:7 p.m.30 views

CVE-2024-37904 Denial of service from maliciously configured Git repository in Minder

Minder is an open source Software Supply Chain Security Platform. Minder's Git provider is vulnerable to a denial of service from a maliciously configured GitHub repository. The Git provider clones users repositories using the github.com/go-git/go-git/v5 library on lines L55-L89. The Git provider...

5.7CVSS0.0046EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/06/11 12:0 a.m.4 views

PT-2024-21354 · Kape · Cyberghostvpn

Name of the Vulnerable Software and Affected Versions: Kape CyberGhostVPN version 8.4.3.12823 Description: An issue was discovered where user credentials remain in memory after a successful logout, while the process is still open. These credentials can be obtained by dumping the process memory an...

6.5CVSS6.9AI score0.00601EPSS
Exploits0References5
Redos
Redos
added 2024/05/24 12:0 a.m.33 views

ROS-20240424-01

A vulnerability in the ImageIO component of Oracle GraalVM Enterprise Edition virtual machine exists due to insufficient input validation. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service. remotely to cause a denial of service A vulnerability ...

7.5CVSS7.3AI score0.14839EPSS
Exploits0
Packet Storm
Packet Storm
added 2024/05/22 12:0 a.m.438 views

AVideo WWBNIndex Plugin Unauthenticated Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'AVideo WWBNIndex Plugin Unauthenticated RCE', 'Description' = %q This module exploits an unauthenticated remote code execution RCE vulnerability ...

7.1AI score0.15635EPSS
Exploits6
Redos
Redos
added 2024/05/21 12:0 a.m.33 views

ROS-20240521-05

A vulnerability in the Hotspot component of the Oracle Java SE software platform and Oracle GraalVM Virtual Machine Enterprise Edition exists due to insufficient input validation. Exploitation of the vulnerability could Allow a remote attacker to disclose protected information A vulnerability in...

7.5CVSS7.1AI score0.17673EPSS
Exploits3
Rows per page
Query Builder