CVE-2023-49569 Maliciously crafted Git server replies can lead to path traversal and RCE on go-git clients
A path traversal vulnerability was discovered in go-git versions prior to v5.11. This vulnerability allows an attacker to create and amend files across the filesystem. In the worst-case scenario, remote code execution could be achieved. Applications are only affected if they are using the ChrootO...
CVE-2023-49568
A denial of service (DoS) vulnerability was discovered in go-git versions prior to v5.11. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server which triggers resource exhaustion in go-git clients. Applications using on...
CVE-2023-41056
Redis is an in-memory database that persists on disk. Redis incorrectly handles resizing of memory buffers which can result in integer overflow that leads to heap overflow and potential remote code execution. This issue has been patched in version 7.0.15 and 7.2.4...
Maliciously crafted Git server replies can lead to path traversal and RCE on go-git clients
Impact: A path traversal vulnerability was discovered in go-git versions prior to v5.11. This vulnerability allows an attacker to create and amend files across the filesystem. In the worst-case scenario, remote code execution could be achieved. Applications are only affected if they are using the...
PT-2024-1038 · Schneider Electric · Easergy Studio
Name of the Vulnerable Software and Affected Versions: Easergy Studio (affected versions not specified). Description: A deserialization of untrusted data issue exists, allowing an attacker with a user-level account to gain higher privileges by providing a harmful serialized object. This cou...
CVE-2023-49944
The Challenge Response feature of BeyondTrust Privilege Management for Windows (PMfW) before 2023-07-14 allows local administrators to bypass this feature by decrypting the shared key, or by locating the decrypted shared key in process memory. The threat is mitigated by the Agent Protection feature...
Oracle TimesTen In-Memory Database Installed (Windows)
Binary data oracletimestenimdbwininstalled.nbin...
Oracle TimesTen In-Memory Database Installed (Linux / Unix)
Binary data oracletimestenimdbnixinstalled.nbin...
H2O Security Breach
H2O is an in-memory platform for distributed, scalable machine learning. H2O suffers from a security vulnerability that stems from allowing an unauthorized attacker to access the S3 bucket and execute remote code...
H2O Security Breach
H2O is an in-memory platform for distributed, scalable machine learning. H2O suffers from a security vulnerability that stems from allowing an attacker to execute remote code via the POJO model import function...
H2O Security Breach
H2O is an in-memory platform for distributed, scalable machine learning. H2O has a security vulnerability that stems from the presence of a stored cross-site scripting (XSS) vulnerability. An attacker can exploit the vulnerability to cause a local file inclusion...
Apache Arrow Deserialization Vulnerability
Apache Arrow is a cross-language development platform for in-memory data processing from the Apache Foundation (U.S.). The platform supports programming languages such as C, C++, C#, Go and Java, and provides features such as inter-process communication. A deserialization vulnerability exists...
[SECURITY] Fedora 39 Update: redis-7.2.2-1.fc39
Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing se...
Apache ActiveMQ vulnerability related to the deserialization of untrusted data, allowing an attacker to execute arbitrary code
A vulnerability in the Apache ActiveMQ software platform stems from the deserialization of untrusted data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code by creating a class based on the OpenWire protocol...
BIT-2023-45145
Redis is an in-memory database that persists on disk. On startup, Redis begins listening on a Unix socket before adjusting its permissions to the user-provided configuration. If a permissive umask(2) is used, this creates a race condition that enables, during a short period of time, another process...
Fedora: Security Advisory for redis (FEDORA-2023-8a9087f089)
The remote host is missing an update for the...
Fedora: Security Advisory for redis (FEDORA-2023-77ed1e26a4)
The remote host is missing an update for the...
[SECURITY] Fedora 38 Update: redis-7.0.14-1.fc38
Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing se...
[SECURITY] Fedora 37 Update: redis-7.0.14-1.fc37
Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing se...
Fedora 38 : redis (2023-77ed1e26a4)
The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-77ed1e26a4 advisory. Redis 7.0.14, released Wed 18 Oct 2023 10:33:40 IDT. Upgrade urgency SECURITY: See security fixes below. Security fixes: CVE-2023-45145: The wrong order...