Lucene search

780 matches found

Cvelist
added 2024/01/12 10:41 a.m. · 29 views

CVE-2023-49569 Maliciously crafted Git server replies can lead to path traversal and RCE on go-git clients

A path traversal vulnerability was discovered in go-git versions prior to v5.11. This vulnerability allows an attacker to create and amend files across the filesystem. In the worst case scenario, remote code execution could be achieved. Applications are only affected if they are using the ChrootO...

CVSS 9.8 · AI score 9.8 · EPSS 0.01523
Exploits: 0 · References: 1

AlpineLinux
added 2024/01/12 10:36 a.m. · 39 views

CVE-2023-49568

A denial of service (DoS) vulnerability was discovered in go-git versions prior to v5.11. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server which triggers resource exhaustion in go-git clients. Applications using on...

CVSS 7.5 · AI score 7.3 · EPSS 0.00704
Exploits: 0

NVD
added 2024/01/10 4:15 p.m. · 15 views

CVE-2023-41056

Redis is an in-memory database that persists on disk. Redis incorrectly handles resizing of memory buffers which can result in integer overflow that leads to heap overflow and potential remote code execution. This issue has been patched in version 7.0.15 and 7.2.4...

CVSS 8.1 · AI score 8.4 · EPSS 0.02582
Exploits: 0 · References: 6

Github Security Blog
added 2024/01/10 3:37 p.m. · 68 views

Maliciously crafted Git server replies can lead to path traversal and RCE on go-git clients

Impact: A path traversal vulnerability was discovered in go-git versions prior to v5.11. This vulnerability allows an attacker to create and amend files across the filesystem. In the worst case scenario, remote code execution could be achieved. Applications are only affected if they are using the...

CVSS 9.8 · AI score 8 · EPSS 0.01523
Exploits: 0 · References: 3 · Affected Software: 2

Positive Technologies
added 2024/01/09 12:0 a.m. · 6 views

PT-2024-1038 · Schneider Electric · Easergy Studio

Name of the Vulnerable Software and Affected Versions: Easergy Studio (affected versions not specified). Description: A deserialization of untrusted data issue exists, allowing an attacker with a user-level account to gain higher privileges by providing a harmful serialized object. This cou...

CVSS 7.8 · AI score 7.6 · EPSS 0.00421
Exploits: 0 · References: 7

ATTACKERKB
added 2023/12/25 8:15 a.m. · 5 views

CVE-2023-49944

The Challenge Response feature of BeyondTrust Privilege Management for Windows (PMfW) before 2023-07-14 allows local administrators to bypass this feature by decrypting the shared key, or by locating the decrypted shared key in process memory. The threat is mitigated by the Agent Protection feature...

CVSS 6.7 · AI score 6.7 · EPSS 0.00185
Exploits: 0 · References: 3

Tenable Nessus
added 2023/12/08 12:0 a.m. · 6 views

Oracle TimesTen In-Memory Database Installed (Windows)

Binary data oracletimestenimdbwininstalled.nbin...

AI score 7.3
Exploits: 0 · References: 1

Tenable Nessus
added 2023/12/04 12:0 a.m. · 7 views

Oracle TimesTen In-Memory Database Installed (Linux / Unix)

Binary data oracletimestenimdbnixinstalled.nbin...

AI score 7.3
Exploits: 0 · References: 1

CNNVD
added 2023/11/16 12:0 a.m. · 3 views

H2O Security Breach

H2O is an in-memory platform for distributed, scalable machine learning. H2O suffers from a security vulnerability that stems from allowing an unauthorized attacker to access the S3 bucket and execute remote code...

CVSS 8.7 · AI score 7 · EPSS 0.00855
Exploits: 1 · References: 2

CNNVD
added 2023/11/16 12:0 a.m. · 5 views

H2O Security Breach

H2O is an in-memory platform for distributed, scalable machine learning. H2O suffers from a security vulnerability that stems from allowing an attacker to execute remote code via the POJO model import function...

CVSS 10 · AI score 7.8 · EPSS 0.30567
Exploits: 1 · References: 2

CNNVD
added 2023/11/16 12:0 a.m. · 4 views

H2O Security Breach

H2O is an in-memory platform for distributed, scalable machine learning. H2O has a security vulnerability that stems from the presence of a stored cross-site scripting (XSS) vulnerability. An attacker can exploit the vulnerability to cause a local file inclusion...

CVSS 9.3 · AI score 5.7 · EPSS 0.00749
Exploits: 1 · References: 2

CNVD
added 2023/11/13 12:0 a.m. · 8 views

Apache Arrow Deserialization Vulnerability

Apache Arrow is a cross-language development platform for in-memory data processing from the U.S. Apache Foundation. The platform supports programming languages such as C, C++, C#, Go and Java, and provides features such as inter-process communication. A deserialization vulnerability exists...

CVSS 9.8 · AI score 7 · EPSS 0.14414
Exploits: 0 · References: 1

Fedora
added 2023/11/03 7:1 p.m. · 25 views

[SECURITY] Fedora 39 Update: redis-7.2.2-1.fc39

Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing se...

CVSS 3.6 · AI score 7.2 · EPSS 0.00444
Exploits: 0

BDU FSTEC
added 2023/11/01 12:0 a.m. · 4 views

The vulnerability of the Apache ActiveMQ software platform, related to the restoration of unreliable data in memory, allows a hacker to execute arbitrary code.

The vulnerability of the Apache ActiveMQ software platform lies in the recovery of unreliable data in memory. Exploiting this vulnerability allows a malicious actor, operating remotely, to execute arbitrary code by creating a class based on the OpenWire protocol...

CVSS 10 · AI score 7.8 · EPSS 0.99654
Exploits: 31 · References: 7 · Affected Software: 2

OSV
added 2023/10/31 7:27 a.m. · 205 views

BIT-2023-45145

Redis is an in-memory database that persists on disk. On startup, Redis begins listening on a Unix socket before adjusting its permissions to the user-provided configuration. If a permissive umask(2) is used, this creates a race condition that enables, during a short period of time, another process...

CVSS 3.6 · AI score 7 · EPSS 0.00444
Exploits: 0 · References: 5 · Affected Software: 1

OpenVAS
added 2023/10/28 12:0 a.m. · 20 views

Fedora: Security Advisory for redis (FEDORA-2023-8a9087f089)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 3.6 · AI score 4.4 · EPSS 0.00444
Exploits: 0 · References: 2

OpenVAS
added 2023/10/28 12:0 a.m. · 22 views

Fedora: Security Advisory for redis (FEDORA-2023-77ed1e26a4)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 3.6 · AI score 4.4 · EPSS 0.00444
Exploits: 0 · References: 2

Fedora
added 2023/10/27 1:26 a.m. · 35 views

[SECURITY] Fedora 38 Update: redis-7.0.14-1.fc38

Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing se...

CVSS 3.6 · AI score 6.6 · EPSS 0.00444
Exploits: 0

Fedora
added 2023/10/27 1:12 a.m. · 30 views

[SECURITY] Fedora 37 Update: redis-7.0.14-1.fc37

Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing se...

CVSS 3.6 · AI score 7 · EPSS 0.00444
Exploits: 0

Tenable Nessus
added 2023/10/26 12:0 a.m. · 20 views

Fedora 38 : redis (2023-77ed1e26a4)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-77ed1e26a4 advisory. Redis 7.0.14 Released Wed 18 Oct 2023 10:33:40 IDT Upgrade urgency SECURITY: See security fixes below. Security fixes CVE-2023-45145 The wrong order...

CVSS 3.6 · AI score 7.1 · EPSS 0.00444
Exploits: 0 · References: 2