780 matches found
CVE-2022-31144
Redis is an in-memory database that persists on disk. A specially crafted XAUTOCLAIM command on a stream key in a specific state may result with heap overflow, and potentially remote code execution. This problem affects versions on the 7.x branch prior to 7.0.4. The patch is released in version...
CVE-2022-31144
Redis is an in-memory database that persists on disk. A specially crafted XAUTOCLAIM command on a stream key in a specific state may result with heap overflow, and potentially remote code execution. This problem affects versions on the 7.x branch prior to 7.0.4. The patch is released in version...
CVE-2022-31144
Summary: CVE-2022-31144 is a Redis heap overflow issue triggered by a crafted XAUTOCLAIM on a stream key in certain states. Affects Redis 7.x before 7.0.4. The fix is included in Redis 7.0.4. Several connected sources (Astra Linux, Alpine Linux, Debian, Gentoo GLSA, etc.) reference the same vulne...
CVE-2022-31144 Potential heap overflow in Redis
Redis is an in-memory database that persists on disk. A specially crafted XAUTOCLAIM command on a stream key in a specific state may result with heap overflow, and potentially remote code execution. This problem affects versions on the 7.x branch prior to 7.0.4. The patch is released in version...
[SECURITY] Fedora 35 Update: golang-github-hashicorp-memdb-1.3.0-5.fc35
The Memdb package implements a simple in-memory database built on immutable radix trees. The database provides Atomicity, Consistency and Isolation from ACID. Being that it is in-memory, it does not provide durability. The database is instantiated with a schema that specifies the tables and indic...
[SECURITY] Fedora 36 Update: golang-github-hashicorp-memdb-1.3.0-5.fc36
The Memdb package implements a simple in-memory database built on immutable radix trees. The database provides Atomicity, Consistency and Isolation from ACID. Being that it is in-memory, it does not provide durability. The database is instantiated with a schema that specifies the tables and indic...
The vulnerability of the SecUsers.ini file of the controller display utility for OpenBSI allows a hacker to gain unauthorized access to protected information.
The vulnerability of the SecUsers.ini file of the controller display utility related to OpenBSI involves storing confidential information in an unencrypted form in memory. Exploiting this vulnerability could allow a remote attacker to gain access to the user credentials...
PT-2022-3095 · Omron · Omron Cs Series +1
Name of the Vulnerable Software and Affected Versions: Omron CS series, CJ series, and CP series PLCs versions prior to 2022-05-18 Description: The issue is related to the storage of the password for access to the Web UI in memory area D1449...D1452, which can be read out using the Omron FINS...
Security Updates for Microsoft Word Products C2R (April 2020)
The Microsoft Word Products are missing security updates. It is, therefore, affected by multiple vulnerabilities : - A remote code execution vulnerability exists when Microsoft Office improperly loads arbitrary type libraries. An attacker could then install programs; view, change, or delete data;...
CVE-2022-20821 Cisco IOS XR Software Health Check Open Port Vulnerability
A vulnerability in the health check RPM of Cisco IOS XR Software could allow an unauthenticated, remote attacker to access the Redis instance that is running within the NOSi container. This vulnerability exists because the health check RPM opens TCP port 6379 by default upon activation. An attack...
Cisco IOS XR Software Health Check Open Port Vulnerability
A vulnerability in the health check RPM of Cisco IOS XR Software could allow an unauthenticated, remote attacker to access the Redis instance that is running within the NOSi container. This vulnerability exists because the health check RPM opens TCP port 6379 by default upon activation. An attack...
CVE-2022-20821
A vulnerability in the health check RPM of Cisco IOS XR Software could allow an unauthenticated, remote attacker to access the Redis instance that is running within the NOSi container. This vulnerability exists because the health check RPM opens TCP port 6379 by default upon activation. An attack...
The vulnerability of the Hazelcast platform, a software product for data processing, in the Atlassian Bitbucket Data Center allows a perpetrator to execute arbitrary code.
The vulnerability of the Hazelcast platform, a software product for data processing, in the Atlassian/Bitbucket Data Center environment, relates to the restoration of unreliable data in memory. Exploiting this vulnerability could allow an attacker operating remotely to execute arbitrary code...
GHSA-2632-H32J-6RG9 Missing Release of Resource after Effective Lifetime in Jenkins
A denial of service vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in BasicAuthenticationFilter.java, BasicHeaderApiTokenAuthenticator.java that allows attackers to create ephemeral in-memory user records by attempting to log in using invalid credentials...
Missing Release of Resource after Effective Lifetime in Jenkins
A denial of service vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in BasicAuthenticationFilter.java, BasicHeaderApiTokenAuthenticator.java that allows attackers to create ephemeral in-memory user records by attempting to log in using invalid credentials...
ChakraCore RCE Vulnerability
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8280, CVE-2018-8286,...
Hackers Deploy IceApple Exploitation Framework on Hacked MS Exchange Servers
Researchers have detailed a previously undocumented .NET-based post-exploitation framework called IceApple that has been deployed on Microsoft Exchange server instances to facilitate reconnaissance and data exfiltration. "Suspected to be the work of a state-nexus adversary, IceApple remains under...
Ursnif Malware Banks on News Events for Phishing Attacks
Ursnif aka Gozi, Dreambot, ISFB is one of the most widespread banking trojans. It has been observed evolving over the past few years. Ursnif has shown incredible theft capabilities. In 2020 Ursnif rose to prominence becoming one of the top ten most prolific pieces of malware. Among its core...
[SECURITY] Fedora 36 Update: redis-6.2.7-1.fc36
Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing se...
Vulnerability of the Cluster component: The general database management system of Oracle MySQL Cluster allows a hacker to gain full control over the application.
Vulnerability of the Cluster component: The general database management system for Oracle MySQL Cluster is vulnerable when operations are performed outside the buffer in memory. Exploiting this vulnerability can allow an attacker to gain full control over the application through various network...