
780 matches found

BDU FSTEC
added 2023/05/31 12:0 a.m. | 4 views

The vulnerability of the structural component of the database management system (DBMS) Redis software used in ABB eSOMS, a production process management system, allows a hacker to gain unauthorized access to protected information.

The vulnerability of the structural component of the Redis database management system for managing manufacturing processes in ABB eSOMS lies in the storage of passwords in a recoverable format. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected informatio...

CVSS 6.1 | AI score 6.3 | EPSS 0.00289
Exploits: 0 | References: 3 | Affected Software: 1
The Hacker News
added 2023/05/24 7:30 a.m. | 2 views

N. Korean Lazarus Group Targets Microsoft IIS Servers to Deploy Espionage Malware

The infamous Lazarus Group actor has been targeting vulnerable versions of Microsoft Internet Information Services (IIS) servers as an initial breach route to deploy malware on targeted systems. The findings come from the AhnLab Security Emergency response Center (ASEC), which detailed the advanced...

AI score 7
Exploits: 0
OSV
added 2023/05/18 5:28 p.m. | 12 views

GHSA-W3F6-PC54-GFW7 swift-nio-http2 vulnerable to denial of service via mishandled HPACK variable length integer encoding

A program using swift-nio-http2 is vulnerable to a denial of service attack, caused by a network peer sending a specially crafted HPACK-encoded header block. This attack affects all swift-nio-http2 versions from 1.0.0 to 1.19.1. It is fixed in 1.19.2 and later releases. There are a number of...

CVSS 7.5 | AI score 7.4 | EPSS 0.01101
Exploits: 0 | References: 5
Tenable Nessus
added 2023/05/03 12:0 a.m. | 34 views

Amazon Linux 2023 : redis6, redis6-devel (ALAS2023-2023-164)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-164 advisory. Redis is an in-memory database that persists on disk. Starting in version 7.0.8 and prior to version 7.0.10, authenticated users can use the MSETNX command to trigger a runtime assertion and...

CVSS 6.5 | AI score 7.1 | EPSS 0.54978
Exploits: 0 | References: 6
Malwarebytes
added 2023/04/27 3:0 a.m. | 16 views

Fileless attacks: How attackers evade traditional AV and how to stop them

When you hear about malware, there's a good chance you think of sketchy executables or files with extensions like .DOCX or .PDF that, once opened, execute malicious code. These are examples of file-based attacks, and while they can be bad, they're nothing compared to their fileless cousins. As the...

AI score 6.9
Exploits: 0
Fedora
added 2023/04/27 1:30 a.m. | 40 views

[SECURITY] Fedora 36 Update: redis-6.2.12-1.fc36

Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing se...

CVSS 6.5 | AI score 6.9 | EPSS 0.00963
Exploits: 0
Fedora
added 2023/04/27 1:25 a.m. | 32 views

[SECURITY] Fedora 38 Update: redis-7.0.11-1.fc38

Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing se...

CVSS 6.5 | AI score 6.9 | EPSS 0.00963
Exploits: 0
Fedora
added 2023/04/27 12:36 a.m. | 37 views

[SECURITY] Fedora 37 Update: redis-7.0.11-1.fc37

Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing se...

CVSS 6.5 | AI score 6.9 | EPSS 0.00963
Exploits: 0
The Hacker News
added 2023/04/25 1:4 p.m. | 60 views

Iranian Hackers Launch Sophisticated Attacks Targeting Israel with PowerLess Backdoor

An Iranian nation-state threat actor has been linked to a new wave of phishing attacks targeting Israel that's designed to deploy an updated version of a Windows backdoor called PowerLess. Cybersecurity firm Check Point is tracking the activity cluster under its mythical creature handle Educated...

AI score 7.3
Exploits: 0
Debian CVE
added 2023/04/18 8:50 p.m. | 30 views

CVE-2023-28856

Redis is an open source, in-memory database that persists on disk. Authenticated users can use the HINCRBYFLOAT command to create an invalid hash field that will crash Redis on access in affected versions. This issue has been addressed in versions 7.0.11, 6.2.12, and 6.0.19. Users are advised ...

CVSS 6.5 | AI score 5.6 | EPSS 0.00963
Exploits: 0
OSV
added 2023/04/18 8:50 p.m. | 29 views

CVE-2023-28856 `HINCRBYFLOAT` can be used to crash a redis-server process

Redis is an open source, in-memory database that persists on disk. Authenticated users can use the HINCRBYFLOAT command to create an invalid hash field that will crash Redis on access in affected versions. This issue has been addressed in versions 7.0.11, 6.2.12, and 6.0.19. Users are advised ...

CVSS 5.5 | AI score 5.5 | EPSS 0.00963
Exploits: 0 | References: 10
Fedora
added 2023/04/18 1:32 a.m. | 30 views

[SECURITY] Fedora 37 Update: libxml2-2.10.4-1.fc37

This library allows manipulation of XML files. It includes support to read, modify and write XML and HTML files. There is DTD support; this includes parsing and validation even with complex DTDs, either at parse time or later once the document has been modified. The output can be a simple SAX strea...

CVSS 6.5 | AI score 6.8 | EPSS 0.01086
Exploits: 1
OpenVAS
added 2023/03/31 12:0 a.m. | 17 views

Fedora: Security Advisory for redis (FEDORA-2023-86068d1187)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 5.5 | AI score 5.9 | EPSS 0.54978
Exploits: 0 | References: 2
Fedora
added 2023/03/30 1:21 a.m. | 49 views

[SECURITY] Fedora 37 Update: redis-7.0.10-1.fc37

Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing se...

CVSS 5.5 | AI score 5.8 | EPSS 0.54978
Exploits: 0
NVD
added 2023/03/20 8:15 p.m. | 20 views

CVE-2023-28425

Redis is an in-memory database that persists on disk. Starting in version 7.0.8 and prior to version 7.0.10, authenticated users can use the MSETNX command to trigger a runtime assertion and termination of the Redis server process. The problem is fixed in Redis version 7.0.10...

CVSS 5.5 | AI score 5.7 | EPSS 0.54978
Exploits: 0 | References: 4
CVE
added 2023/03/20 7:3 p.m. | 144 views

CVE-2023-28425

CVE-2023-28425 affects Redis 7.0.8 and earlier versions up to 7.0.9; authenticated users can use MSETNX to trigger a runtime assertion that terminates the server. The issue is fixed in Redis 7.0.10. Impact: availability loss (server crash). Remediation: upgrade to Redis 7.0.10 or later (per the p...

CVSS 5.5 | AI score 5.6 | EPSS 0.54978
Exploits: 0 | References: 4 | Affected Software: 1
Debian CVE
added 2023/03/20 7:3 p.m. | 23 views

CVE-2023-28425

Redis is an in-memory database that persists on disk. Starting in version 7.0.8 and prior to version 7.0.10, authenticated users can use the MSETNX command to trigger a runtime assertion and termination of the Redis server process. The problem is fixed in Redis version 7.0.10...

CVSS 5.5 | AI score 5 | EPSS 0.54978
Exploits: 0
OSV
added 2023/03/20 7:3 p.m. | 31 views

CVE-2023-28425 Specially crafted MSETNX command can lead to denial-of-service

Redis is an in-memory database that persists on disk. Starting in version 7.0.8 and prior to version 7.0.10, authenticated users can use the MSETNX command to trigger a runtime assertion and termination of the Redis server process. The problem is fixed in Redis version 7.0.10...

CVSS 5.5 | AI score 4.3 | EPSS 0.54978
Exploits: 0 | References: 6
Kitploit
added 2023/03/18 11:30 a.m. | 33 views

Ator - Authentication Token Obtain and Replace Extender

The plugin is created to help automated scanning using Burp in the following scenarios: 1. Access/Refresh token 2. Token replacement in XML,JSON body 3. Token replacement in cookies The above can be achieved using complex macro, session rules or Custom Extender in some scenarios. The rules become...

AI score 7.8
Exploits: 0 | References: 4
Fedora
added 2023/03/10 1:38 a.m. | 48 views

[SECURITY] Fedora 36 Update: redis-6.2.11-1.fc36

Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing se...

CVSS 6.5 | AI score 6.1 | EPSS 0.59706
Exploits: 0