780 matches found

NVD
added 2023/10/18 9:15 p.m., 24 views

CVE-2023-45145

Redis is an in-memory database that persists on disk. On startup, Redis begins listening on a Unix socket before adjusting its permissions to the user-provided configuration. If a permissive umask(2) is used, this creates a race condition that enables, during a short period of time, another process...

CVSS 3.6 | AI score 3.9 | EPSS 0.00444
Exploits: 0 | References: 7

UbuntuCve
added 2023/10/18 9:15 p.m., 58 views

CVE-2023-45145

Redis is an in-memory database that persists on disk. On startup, Redis begins listening on a Unix socket before adjusting its permissions to the user-provided configuration. If a permissive umask(2) is used, this creates a race condition that enables, during a short period of time, another process...

CVSS 3.6 | AI score 6.6 | EPSS 0.00444
Exploits: 0 | References: 4

CVE
added 2023/10/18 8:17 p.m., 355 views

CVE-2023-45145

CVE-2023-45145 affects Redis: on startup Redis opens a Unix socket before applying configured permissions, enabling a brief race condition if umask is permissive. The issue has been fixed in Redis 7.2.2, 7.0.14, and 6.2.14. Connected advisories (Astra Linux, Amazon Linux variants, Debian DLA) cor...

CVSS 3.6 | AI score 4 | EPSS 0.00444
Exploits: 0 | References: 7 | Affected Software: 1

AlpineLinux
added 2023/10/18 8:17 p.m., 36 views

CVE-2023-45145

Redis is an in-memory database that persists on disk. On startup, Redis begins listening on a Unix socket before adjusting its permissions to the user-provided configuration. If a permissive umask(2) is used, this creates a race condition that enables, during a short period of time, another process...

CVSS 3.6 | AI score 4.2 | EPSS 0.00444
Exploits: 0

OSV
added 2023/10/18 8:17 p.m., 62 views

CVE-2023-45145 Redis Unix-domain socket may have been exposed with the wrong permissions for a short time window.

Redis is an in-memory database that persists on disk. On startup, Redis begins listening on a Unix socket before adjusting its permissions to the user-provided configuration. If a permissive umask(2) is used, this creates a race condition that enables, during a short period of time, another process...

CVSS 3.6 | AI score 4.7 | EPSS 0.00444
Exploits: 0 | References: 9

BDU FSTEC
added 2023/10/10 12:0 a.m., 5 views

The vulnerability of the PDF viewer software in Foxit PDF Reader, related to the execution of operations beyond the buffer in memory, allows a hacker to execute arbitrary code.

The vulnerability of the PDF viewer software in Foxit PDF Reader relates to the execution of operations beyond the buffer in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code in the context of the current user, using a specially created malware file...

CVSS 3.3 | AI score 6.6 | EPSS 0.00389
Exploits: 0 | References: 4 | Affected Software: 1

BDU FSTEC
added 2023/10/03 12:0 a.m., 4 views

The vulnerability of the commons-beanutils component in the open-source Apache Jackrabbit content storage framework allows a perpetrator to execute arbitrary code.

The vulnerability of the commons-beanutils component in the open-source Apache Jackrabbit content storage framework relates to the recovery of unreliable data in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

CVSS 10 | AI score 8.1 | EPSS 0.02657
Exploits: 0 | References: 5 | Affected Software: 1

Tenable Nessus
added 2023/09/27 12:0 a.m., 28 views

Amazon Linux 2 : redis (ALASREDIS6-2023-005)

The version of redis installed on the remote host is prior to 6.2.5-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2REDIS6-2023-005 advisory. Redis is an in-memory database that persists on disk. A vulnerability involving out-of-bounds read and integer overflow to buffe...

CVSS 7.5 | AI score 7.1 | EPSS 0.31049
Exploits: 0 | References: 4

Tenable Nessus
added 2023/09/27 12:0 a.m., 50 views

Amazon Linux 2 : redis (ALASREDIS6-2023-001)

The version of redis installed on the remote host is prior to 6.2.11-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2REDIS6-2023-001 advisory. Redis is an in-memory database that persists on disk. Authenticated users issuing specially crafted SETRANGE and SORTR...

CVSS 6.5 | AI score 7 | EPSS 0.69355
Exploits: 0 | References: 10

Tenable Nessus
added 2023/09/21 12:0 a.m., 28 views

SUSE SLES15 / openSUSE 15 Security Update : redis7 (SUSE-SU-2023:3711-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2023:3711-1 advisory. - CVE-2023-41053: Fixed SORT_RO may bypass ACL configuration bsc1215094. Tenable has extracted the preceding description block...

CVSS 3.3 | AI score 6.6 | EPSS 0.0034
Exploits: 0 | References: 4

BDU FSTEC
added 2023/09/19 12:0 a.m., 5 views

The vulnerability of the quality management software for automobile manufacturers, QMS Automotive, arises from the fact that confidential information is stored in unencrypted form in memory, allowing a hacker to obtain user account details.

The vulnerability of the quality management software for automobile manufacturers, QMS Automotive, relates to the storage of confidential information in unencrypted form in memory. Exploiting this vulnerability could allow a malicious actor to access user credentials remotely...

CVSS 7.4 | AI score 7.1 | EPSS 0.0012
Exploits: 0 | References: 2 | Affected Software: 1

Fedora
added 2023/09/16 1:41 a.m., 56 views

[SECURITY] Fedora 37 Update: redis-7.0.13-1.fc37

Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing se...

CVSS 3.3 | AI score 5 | EPSS 0.0034
Exploits: 0

Fedora
added 2023/09/16 1:28 a.m., 34 views

[SECURITY] Fedora 38 Update: redis-7.0.13-1.fc38

Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing se...

CVSS 3.3 | AI score 5 | EPSS 0.0034
Exploits: 0

Tenable Nessus
added 2023/09/16 12:0 a.m., 27 views

Fedora 38 : redis (2023-03422cb8de)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-03422cb8de advisory. Redis 7.0.13 Released Wed 06 Sep 2023 15:00:00 IDT Upgrade urgency SECURITY: See security fixes below. Security Fixes CVE-2023-41053 Redis does not...

CVSS 3.3 | AI score 7 | EPSS 0.0034
Exploits: 0 | References: 2

Fedora
added 2023/09/15 7:7 p.m., 32 views

[SECURITY] Fedora 39 Update: redis-7.2.1-1.fc39

Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing se...

CVSS 3.3 | AI score 7 | EPSS 0.0034
Exploits: 0

BDU FSTEC
added 2023/09/14 12:0 a.m., 4 views

The vulnerability of the Jackson-databind library in the FasterXML project, related to the restoration of unreliable data in memory, allows an attacker to cause a service failure.

The vulnerability of the Jackson-databind library in the FasterXML project is related to the restoration of unreliable data in memory. Exploiting this vulnerability could allow a malicious actor to cause service failures...

CVSS 7.8 | AI score 6.6 | EPSS 0.02824
Exploits: 2 | References: 15 | Affected Software: 8

BDU FSTEC
added 2023/09/14 12:0 a.m., 5 views

The vulnerability of the Jackson-databind library in the FasterXML project, related to the restoration of unreliable data in memory, allows an attacker to cause a service failure.

The vulnerability of the Jackson-databind library in the FasterXML project is related to the restoration of unreliable data in memory. Exploiting this vulnerability can allow an attacker to cause a service failure...

CVSS 7.8 | AI score 6.5 | EPSS 0.02656
Exploits: 1 | References: 14 | Affected Software: 8

0day.today
added 2023/09/13 12:0 a.m., 361 views

Ivanti Sentry Authentication Bypass / Remote Code Execution Exploit

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Ivanti Sentry MICSLogService Auth Bypass resulting in RCE CVE-2023-38035', 'Description' = %q This module exploits an authentication bypass in...

CVSS 9.8 | AI score 9.8 | EPSS 0.99949
Exploits: 6

BDU FSTEC
added 2023/09/11 12:0 a.m., 4 views

The vulnerability of the library for processing files and network operations, hutool-json, is related to writing beyond the buffer boundaries in memory. This allows a malicious actor to cause a service failure.

The vulnerability of the hutool-json library for file processing and network operations is related to writing beyond the buffer boundaries in memory. Exploiting this vulnerability could allow a malicious actor to cause service failures...

CVSS 7.8 | AI score 7.4 | EPSS 0.00762
Exploits: 1 | References: 5 | Affected Software: 2

NVD
added 2023/09/06 9:15 p.m., 18 views

CVE-2023-41053

Redis is an in-memory database that persists on disk. Redis does not correctly identify keys accessed by SORT_RO and as a result may grant users executing this command access to keys that are not explicitly authorized by the ACL configuration. The problem exists in Redis 7.0 or newer and has been...

CVSS 3.3 | AI score 4.1 | EPSS 0.0034
Exploits: 0 | References: 5