780 matches found

NVD
added 2022/07/19 9:15 p.m. · 16 views

CVE-2022-31144

Redis is an in-memory database that persists on disk. A specially crafted XAUTOCLAIM command on a stream key in a specific state may result with heap overflow, and potentially remote code execution. This problem affects versions on the 7.x branch prior to 7.0.4. The patch is released in version...

8.8 CVSS · 0.02383 EPSS
Exploits 0 · References 4

AlpineLinux
added 2022/07/19 8:15 p.m. · 36 views

CVE-2022-31144

Redis is an in-memory database that persists on disk. A specially crafted XAUTOCLAIM command on a stream key in a specific state may result with heap overflow, and potentially remote code execution. This problem affects versions on the 7.x branch prior to 7.0.4. The patch is released in version...

8.8 CVSS · 8.2 AI score · 0.02383 EPSS
Exploits 0

CVE
added 2022/07/19 8:15 p.m. · 158 views

CVE-2022-31144

Summary: CVE-2022-31144 is a Redis heap overflow issue triggered by a crafted XAUTOCLAIM on a stream key in certain states. Affects Redis 7.x before 7.0.4. The fix is included in Redis 7.0.4. Several connected sources (Astra Linux, Alpine Linux, Debian, Gentoo GLSA, etc.) reference the same vulne...

8.8 CVSS · 8 AI score · 0.02383 EPSS
Exploits 0 · References 4 · Affected Software 1

OSV
added 2022/07/19 8:15 p.m. · 34 views

CVE-2022-31144 Potential heap overflow in Redis

Redis is an in-memory database that persists on disk. A specially crafted XAUTOCLAIM command on a stream key in a specific state may result with heap overflow, and potentially remote code execution. This problem affects versions on the 7.x branch prior to 7.0.4. The patch is released in version...

7 CVSS · 6 AI score · 0.02383 EPSS
Exploits 0 · References 6

Fedora
added 2022/07/17 1:15 a.m. · 25 views

[SECURITY] Fedora 35 Update: golang-github-hashicorp-memdb-1.3.0-5.fc35

The Memdb package implements a simple in-memory database built on immutable radix trees. The database provides Atomicity, Consistency and Isolation from ACID. Being that it is in-memory, it does not provide durability. The database is instantiated with a schema that specifies the tables and indic...

9.3 CVSS · 7.9 AI score · 0.05994 EPSS
Exploits 4

Fedora
added 2022/07/04 1:35 a.m. · 19 views

[SECURITY] Fedora 36 Update: golang-github-hashicorp-memdb-1.3.0-5.fc36

The Memdb package implements a simple in-memory database built on immutable radix trees. The database provides Atomicity, Consistency and Isolation from ACID. Being that it is in-memory, it does not provide durability. The database is instantiated with a schema that specifies the tables and indic...

9.3 CVSS · 7.9 AI score · 0.05994 EPSS
Exploits 4

BDU FSTEC
added 2022/06/28 12:0 a.m. · 14 views

The vulnerability of the SecUsers.ini file of the controller display utility for OpenBSI allows a hacker to gain unauthorized access to protected information.

The vulnerability of the SecUsers.ini file of the controller display utility related to OpenBSI involves storing confidential information in an unencrypted form in memory. Exploiting this vulnerability could allow a remote attacker to gain access to the user credentials...

7.8 CVSS · 5.5 AI score · 0.00252 EPSS
Exploits 0 · References 2

Positive Technologies
added 2022/06/22 12:0 a.m. · 5 views

PT-2022-3095 · Omron · Omron Cs Series +1

Name of the Vulnerable Software and Affected Versions: Omron CS series, CJ series, and CP series PLCs versions prior to 2022-05-18 Description: The issue is related to the storage of the password for access to the Web UI in memory area D1449...D1452, which can be read out using the Omron FINS...

7.8 CVSS · 7.5 AI score · 0.0051 EPSS
Exploits 0 · References 8

Tenable Nessus
added 2022/06/10 12:0 a.m. · 46 views

Security Updates for Microsoft Word Products C2R (April 2020)

The Microsoft Word Products are missing security updates. It is, therefore, affected by multiple vulnerabilities : - A remote code execution vulnerability exists when Microsoft Office improperly loads arbitrary type libraries. An attacker could then install programs; view, change, or delete data;...

9.3 CVSS · 8.5 AI score · 0.11548 EPSS
Exploits 0 · References 3

Vulnrichment
added 2022/05/26 2:0 p.m. · 10 views

CVE-2022-20821 Cisco IOS XR Software Health Check Open Port Vulnerability

A vulnerability in the health check RPM of Cisco IOS XR Software could allow an unauthenticated, remote attacker to access the Redis instance that is running within the NOSi container. This vulnerability exists because the health check RPM opens TCP port 6379 by default upon activation. An attack...

6.5 CVSS · 7.4 AI score · 0.1176 EPSS
Exploits 0 · References 1

Cisco
added 2022/05/20 4:0 p.m. · 38 views

Cisco IOS XR Software Health Check Open Port Vulnerability

A vulnerability in the health check RPM of Cisco IOS XR Software could allow an unauthenticated, remote attacker to access the Redis instance that is running within the NOSi container. This vulnerability exists because the health check RPM opens TCP port 6379 by default upon activation. An attack...

6.5 CVSS · 6.8 AI score · 0.1176 EPSS
Exploits 0 · References 1

ATTACKERKB
added 2022/05/20 12:0 a.m. · 38 views

CVE-2022-20821

A vulnerability in the health check RPM of Cisco IOS XR Software could allow an unauthenticated, remote attacker to access the Redis instance that is running within the NOSi container. This vulnerability exists because the health check RPM opens TCP port 6379 by default upon activation. An attack...

6.5 CVSS · 2.1 AI score · 0.1176 EPSS
In wild · Exploits 0 · References 2

BDU FSTEC
added 2022/05/17 12:0 a.m. · 5 views

The vulnerability of the Hazelcast platform, a software product for data processing, in the Atlassian Bitbucket Data Center allows a perpetrator to execute arbitrary code.

The vulnerability of the Hazelcast platform, a software product for data processing, in the Atlassian/Bitbucket Data Center environment, relates to the restoration of unreliable data in memory. Exploiting this vulnerability could allow an attacker operating remotely to execute arbitrary code...

10 CVSS · 7.8 AI score · 0.71391 EPSS
Exploits 4 · References 5 · Affected Software 1

OSV
added 2022/05/13 1:50 a.m. · 1 views

GHSA-2632-H32J-6RG9 Missing Release of Resource after Effective Lifetime in Jenkins

A denial of service vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in BasicAuthenticationFilter.java, BasicHeaderApiTokenAuthenticator.java that allows attackers to create ephemeral in-memory user records by attempting to log in using invalid credentials...

7.5 CVSS · 6.8 AI score · 0.01673 EPSS
Exploits 0 · References 3

Github Security Blog
added 2022/05/13 1:50 a.m. · 29 views

Missing Release of Resource after Effective Lifetime in Jenkins

A denial of service vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in BasicAuthenticationFilter.java, BasicHeaderApiTokenAuthenticator.java that allows attackers to create ephemeral in-memory user records by attempting to log in using invalid credentials...

7.5 CVSS · 4.4 AI score · 0.01673 EPSS
Exploits 0 · References 3 · Affected Software 1

Github Security Blog
added 2022/05/13 1:20 a.m. · 29 views

ChakraCore RCE Vulnerability

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8280, CVE-2018-8286,...

7.6 CVSS · 7 AI score · 0.19229 EPSS
Exploits 0 · References 7 · Affected Software 1

The Hacker News
added 2022/05/12 5:36 a.m. · 33 views

Hackers Deploy IceApple Exploitation Framework on Hacked MS Exchange Servers

Researchers have detailed a previously undocumented .NET-based post-exploitation framework called IceApple that has been deployed on Microsoft Exchange server instances to facilitate reconnaissance and data exfiltration. "Suspected to be the work of a state-nexus adversary, IceApple remains under...

0.1 AI score
Exploits 0

Qualys Blog
added 2022/05/09 4:40 a.m. · 34 views

Ursnif Malware Banks on News Events for Phishing Attacks

Ursnif aka Gozi, Dreambot, ISFB is one of the most widespread banking trojans. It has been observed evolving over the past few years. Ursnif has shown incredible theft capabilities. In 2020 Ursnif rose to prominence becoming one of the top ten most prolific pieces of malware. Among its core...

0.6 AI score
Exploits 0

Fedora
added 2022/05/07 5:14 a.m. · 59 views

[SECURITY] Fedora 36 Update: redis-6.2.7-1.fc36

Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing se...

7.8 CVSS · 0.7 AI score · 0.02189 EPSS
Exploits 2

BDU FSTEC
added 2022/05/06 12:0 a.m. · 5 views

Vulnerability of the Cluster component: The general database management system of Oracle MySQL Cluster allows a hacker to gain full control over the application.

Vulnerability of the Cluster component: The general database management system for Oracle MySQL Cluster is vulnerable when operations are performed outside the buffer in memory. Exploiting this vulnerability can allow an attacker to gain full control over the application through various network...

6.5 CVSS · 6.8 AI score · 0.78854 EPSS
Exploits 0 · References 6 · Affected Software 1