780 matches found
CVE-2023-45145
Redis is an in-memory database that persists on disk. On startup, Redis begins listening on a Unix socket before adjusting its permissions to the user-provided configuration. If a permissive umask2 is used, this creates a race condition that enables, during a short period of time, another process...
CVE-2023-45145
Redis is an in-memory database that persists on disk. On startup, Redis begins listening on a Unix socket before adjusting its permissions to the user-provided configuration. If a permissive umask2 is used, this creates a race condition that enables, during a short period of time, another process...
CVE-2023-45145
CVE-2023-45145 affects Redis: on startup Redis opens a Unix socket before applying configured permissions, enabling a brief race condition if umask is permissive. The issue has been fixed in Redis 7.2.2, 7.0.14, and 6.2.14. Connected advisories (Astra Linux, Amazon Linux variants, Debian DLA) cor...
CVE-2023-45145
Redis is an in-memory database that persists on disk. On startup, Redis begins listening on a Unix socket before adjusting its permissions to the user-provided configuration. If a permissive umask2 is used, this creates a race condition that enables, during a short period of time, another process...
CVE-2023-45145 Redis Unix-domain socket may have be exposed with the wrong permissions for a short time window.
Redis is an in-memory database that persists on disk. On startup, Redis begins listening on a Unix socket before adjusting its permissions to the user-provided configuration. If a permissive umask2 is used, this creates a race condition that enables, during a short period of time, another process...
The vulnerability of the PDF viewer software in Foxit PDF Reader, related to the execution of operations beyond the buffer in memory, allows a hacker to execute arbitrary code.
The vulnerability of the PDF viewer software in Foxit PDF Reader relates to the execution of operations beyond the buffer in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code in the context of the current user, using a specially created malware file...
The vulnerability of the commons-beanutils component in the open-source Apache Jackrabbit content storage framework allows a perpetrator to execute arbitrary code.
The vulnerability of the commons-beanutils component in the open-source Apache Jackrabbit content storage framework relates to the recovery of unreliable data in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
Amazon Linux 2 : redis (ALASREDIS6-2023-005)
The version of redis installed on the remote host is prior to 6.2.5-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2REDIS6-2023-005 advisory. Redis is an in-memory database that persists on disk. A vulnerability involving out-of-bounds read and integer overflow to buffe...
Amazon Linux 2 : redis (ALASREDIS6-2023-001)
The version of redis installed on the remote host is prior to 6.2.11-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2REDIS6-2023-001 advisory. Redis is an in-memory database that persists on disk. Authenticated users issuing specially crafted SETRANGE and SORTR...
SUSE SLES15 / openSUSE 15 Security Update : redis7 (SUSE-SU-2023:3711-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2023:3711-1 advisory. - CVE-2023-41053: Fixed SORTRO may bypass ACL configuration bsc1215094. Tenable has extracted the preceding description block...
The vulnerability of the quality management software for automobile manufacturers, QMS Automotive, arises from the fact that confidential information is stored in unencrypted form in memory, allowing a hacker to obtain user account details.
The vulnerability of the quality management software for automobile manufacturers, QMS Automotive, relates to the storage of confidential information in unencrypted form in memory. Exploiting this vulnerability could allow a malicious actor to access user credentials remotely...
[SECURITY] Fedora 37 Update: redis-7.0.13-1.fc37
Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing se...
[SECURITY] Fedora 38 Update: redis-7.0.13-1.fc38
Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing se...
Fedora 38 : redis (2023-03422cb8de)
The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-03422cb8de advisory. Redis 7.0.13 Released Wed 06 Sep 2023 15:00:00 IDT Upgrade urgency SECURITY: See security fixes below. Security Fixes CVE-2023-41053 Redis does not...
[SECURITY] Fedora 39 Update: redis-7.2.1-1.fc39
Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing se...
The vulnerability of the Jackson-databind library in the FasterXML project, related to the restoration of unreliable data in memory, allows a attacker to cause a service failure.
The vulnerability of the Jackson-databind library in the FasterXML project is related to the restoration of unreliable data in memory. Exploiting this vulnerability could allow a malicious actor to cause service failures...
The vulnerability of the Jackson-databind library in the FasterXML project, related to the restoration of unreliable data in memory, allows a attacker to cause a service failure.
The vulnerability of the Jackson-databind library in the FasterXML project is related to the restoration of unreliable data in memory. Exploiting this vulnerability can allow an attacker to cause a service failure...
Ivanti Sentry Authentication Bypass / Remote Code Execution Exploit
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Ivanti Sentry MICSLogService Auth Bypass resulting in RCE CVE-2023-38035', 'Description' = %q This module exploits an authentication bypass in...
The vulnerability of the library for processing files and network operations, hutool-json, is related to writing beyond the buffer boundaries in memory. This allows a malicious actor to cause a service failure.
The vulnerability of the hutool-json library for file processing and network operations is related to writing beyond the buffer boundaries in memory. Exploiting this vulnerability could allow a malicious actor to cause service failures...
CVE-2023-41053
Redis is an in-memory database that persists on disk. Redis does not correctly identify keys accessed by SORTRO and as a result may grant users executing this command access to keys that are not explicitly authorized by the ACL configuration. The problem exists in Redis 7.0 or newer and has been...