780 matches found
PT-2024-39486 · Unknown · Enpass Password Manager
Name of the Vulnerable Software and Affected Versions: Enpass Password Manager versions up to 6.9.5 Description: A vulnerability has been found in Enpass Password Manager, which affects some unknown processing and leads to cleartext storage of sensitive information in memory. The manipulation...
The vulnerability of the ColdFusion software platform, related to the restoration of unreliable data in memory, allows a hacker to execute arbitrary code.
The vulnerability of the ColdFusion software platform lies in the recovery of unreliable data in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code using a specially created malicious file...
BIT-VALKEY-2022-24735 Lua scripts can be manipulated to overcome ACL rules in Redis
Redis is an in-memory database that persists on disk. By exploiting weaknesses in the Lua script execution environment, an attacker with access to Redis prior to version 7.0.0 or 6.2.7 can inject Lua code that will execute with the potentially higher privileges of another Redis user. The Lua scri...
BIT-VALKEY-2022-24736 A Malformed Lua script can crash Redis
Redis is an in-memory database that persists on disk. Prior to versions 6.2.7 and 7.0.0, an attacker attempting to load a specially crafted Lua script can cause NULL pointer dereference which will result with a crash of the redis-server process. The problem is fixed in Redis versions 7.0.0 and...
BIT-VALKEY-2022-24834 Heap overflow issue with the Lua cjson library used by Redis
Redis is an in-memory database that persists on disk. A specially crafted Lua script executing in Redis can trigger a heap overflow in the cjson library, and result with heap corruption and potentially remote code execution. The problem exists in all versions of Redis with Lua scripting support,...
BIT-VALKEY-2023-28425 Specially crafted MSETNX command can lead to denial-of-service
Redis is an in-memory database that persists on disk. Starting in version 7.0.8 and prior to version 7.0.10, authenticated users can use the MSETNX command to trigger a runtime assertion and termination of the Redis server process. The problem is fixed in Redis version 7.0.10...
BIT-VALKEY-2023-28856 `HINCRBYFLOAT` can be used to crash a redis-server process
Redis is an open source, in-memory database that persists on disk. Authenticated users can use the HINCRBYFLOAT command to create an invalid hash field that will crash Redis on access in affected versions. This issue has been addressed in in versions 7.0.11, 6.2.12, and 6.0.19. Users are advised ...
BIT-VALKEY-2023-36824 Heap overflow in COMMAND GETKEYS and ACL evaluation in Redis
Redis is an in-memory database that persists on disk. In Redit 7.0 prior to 7.0.12, extracting key names from a command and a list of arguments may, in some cases, trigger a heap overflow and result in reading random heap memory, heap corruption and potentially remote code execution. Several...
BIT-VALKEY-2023-41053 Redis SORT_RO may bypass ACL configuration
Redis is an in-memory database that persists on disk. Redis does not correctly identify keys accessed by SORTRO and as a result may grant users executing this command access to keys that are not explicitly authorized by the ACL configuration. The problem exists in Redis 7.0 or newer and has been...
BIT-VALKEY-2023-41056 Redis vulnerable to integer overflow in certain payloads
Redis is an in-memory database that persists on disk. Redis incorrectly handles resizing of memory buffers which can result in integer overflow that leads to heap overflow and potential remote code execution. This issue has been patched in version 7.0.15 and 7.2.4...
BIT-VALKEY-2023-45145 Redis Unix-domain socket may have be exposed with the wrong permissions for a short time window.
Redis is an in-memory database that persists on disk. On startup, Redis begins listening on a Unix socket before adjusting its permissions to the user-provided configuration. If a permissive umask2 is used, this creates a race condition that enables, during a short period of time, another process...
BIT-KEYDB-2022-24735 Lua scripts can be manipulated to overcome ACL rules in Redis
Redis is an in-memory database that persists on disk. By exploiting weaknesses in the Lua script execution environment, an attacker with access to Redis prior to version 7.0.0 or 6.2.7 can inject Lua code that will execute with the potentially higher privileges of another Redis user. The Lua scri...
BIT-KEYDB-2023-45145 Redis Unix-domain socket may have be exposed with the wrong permissions for a short time window.
Redis is an in-memory database that persists on disk. On startup, Redis begins listening on a Unix socket before adjusting its permissions to the user-provided configuration. If a permissive umask2 is used, this creates a race condition that enables, during a short period of time, another process...
Relating IntelliCache and In-memory Read Caching
Introduced in XenServer 5.6 SP1, IntelliCache is designed to reduce the volume of storage I/O hitting the network and the storage repository SR shared with other hosts. Introduced in XenServer 6.5, in-memory read-caching is designed to reduce the volume of storage I/O hitting an SR and reduce I/O...
PT-2024-9863 · Sap · Sap Gui For Windows
Name of the Vulnerable Software and Affected Versions: SAP GUI for Windows affected versions not specified Description: The issue is related to the SAP GUI for Windows, where under certain conditions, the memory contains the password used to log on to an SAP system. This could allow an attacker t...
CVE-2024-37904 Denial of service from maliciously configured Git repository in Minder
Minder is an open source Software Supply Chain Security Platform. Minder's Git provider is vulnerable to a denial of service from a maliciously configured GitHub repository. The Git provider clones users repositories using the github.com/go-git/go-git/v5 library on lines L55-L89. The Git provider...
PT-2024-21354 · Kape · Cyberghostvpn
Name of the Vulnerable Software and Affected Versions: Kape CyberGhostVPN version 8.4.3.12823 Description: An issue was discovered where user credentials remain in memory after a successful logout, while the process is still open. These credentials can be obtained by dumping the process memory an...
ROS-20240424-01
A vulnerability in the ImageIO component of Oracle GraalVM Enterprise Edition virtual machine exists due to insufficient input validation. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service. remotely to cause a denial of service A vulnerability ...
AVideo WWBNIndex Plugin Unauthenticated Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'AVideo WWBNIndex Plugin Unauthenticated RCE', 'Description' = %q This module exploits an unauthenticated remote code execution RCE vulnerability ...
ROS-20240521-05
A vulnerability in the Hotspot component of the Oracle Java SE software platform and Oracle GraalVM Virtual Machine Enterprise Edition exists due to insufficient input validation. Exploitation of the vulnerability could Allow a remote attacker to disclose protected information A vulnerability in...