780 matches found
strongswan - denial-of-service vulnerability in the gmp plugin/denial-of-service vulnerability in the in-memory certificate cache
Strongswan Release Notes reports: Fixed a denial-of-service vulnerability in the gmp plugin that was caused by an integer overflow when processing RSASSA-PSS signatures with very large salt lengths. This vulnerability has been registered as CVE-2021-41990. Fixed a denial-of-service vulnerability ...
CVE-2021-35529 Password in Memory Vulnerability in Retail Operations Product and Counterparty Settlement and Billing (CSB)
Insufficiently Protected Credentials vulnerability in client environment of Hitachi ABB Power Grids Retail Operations and Counterparty Settlement Billing CSB allows an attacker or unauthorized user to access database credentials, shut down the product and access or alter. This issue affects:...
VulnCheck KEV: CVE-2018-0953
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0945, CVE-2018-0946, CVE-2018-0951,...
[SECURITY] Fedora 33 Update: redis-6.0.15-1.fc33
Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing se...
CVE-2021-32761
Redis is an in-memory database that persists on disk. A vulnerability involving out-of-bounds read and integer overflow to buffer overflow exists starting with version 2.2 and prior to versions 5.0.13, 6.0.15, and 6.2.5. On 32-bit systems, Redis BIT commands are vulnerable to integer overflow that...
Oracle Coherence has an unspecified vulnerability (CNVD-2021-54688)
Oracle Coherence is a JCache-compliant in-memory distributed data grid solution for clustered applications and application servers. An unspecified vulnerability exists in the Core component of Oracle Coherence versions 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0. An attacker could exploit...
IBM Cloud Pak for Applications information disclosure vulnerability
IBM Cloud Pak for Applications is an application from IBM Corporation. An information disclosure vulnerability exists in IBM Cloud Pak for Applications, which stems from the fact that the system does not effectively restrict access to in-memory data, which could be exploited by an attacker to gai...
Forblaze - A Python Mac Steganography Payload Generator
Forblaze is a project designed to provide steganography capabilities to Mac OS payloads. Using python3, it will build an Obj-C file for you which will be compiled to pull desired encrypted URLs out of the stego file, fetch payloads over https, and execute them directly into memory. It utilizes...
Fedora: Security Advisory for redis (FEDORA-2021-0ad4bec5b1)
The remote host is missing an update for the ...
[SECURITY] Fedora 33 Update: redis-6.0.14-1.fc33
Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing se...
[SECURITY] Fedora 34 Update: redis-6.2.4-1.fc34
Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing se...
The vulnerability of the Jackson-databind library in the FasterXML project, related to the restoration of unreliable data in memory, allows an attacker to execute arbitrary code.
The vulnerability of the Jackson-databind library in the FasterXML project relates to the restoration of unreliable data in memory. Exploiting this vulnerability can allow an attacker operating remotely to execute arbitrary code...
The vulnerability of the K2dobj.dl library of the KOMPAS-3D 3D modeling system, related to the execution of operations outside the buffer boundaries in memory, allows attackers to cause system failures.
The vulnerability of the K2dobj.dl library in the KOMPAS-3D 3D modeling system is related to the execution of operations outside the buffer boundaries in memory. Exploiting this vulnerability can allow attackers to cause a service failure using a specially crafted CDW format file...
The vulnerability of the `org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource` component in the Jackson-databind library of the FasterXML project allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of the org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource component in the Jackson-databind library of the FasterXML project is related to the restoration of unreliable data in memory. Exploiting this vulnerability may allow an attacker to compromise the...
The vulnerability of the org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource component in the Jackson-databind library of the FasterXML project allows an attacker to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of the org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource component in the Jackson-databind library of the FasterXML project is related to the restoration of unreliable data in memory. Exploiting this vulnerability may allow an attacker to compromise the...
The vulnerability of the org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS component from the Jackson-databind library in the FasterXML project allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of the org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS component in the Jackson-databind library of the FasterXML project is related to the restoration of unreliable data in memory. Exploiting this vulnerability may allow an attacker to compromise the confidentiality,...
Important: redis:6 security update
Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an in-memory data set. You can persist it either by dumping the data set to disk every once in a while, ...
RLSA-2021:2034 Important: redis:6 security update
Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an in-memory data set. You can persist it either by dumping the data set to disk every once in a while, ...
Design/Logic Flaw
IBM Planning Analytics Local 2.0 connects to a Redis server. The Redis server, an in-memory data structure store, running on the remote host is not protected by password authentication. A remote attacker can exploit this to gain unauthorized access to the server. IBM X-Force ID: 186401...
R77-Rootkit - Fileless Ring 3 Rootkit With Installer And Persistence That Hides Processes, Files, Network Connections, Etc...
Ring 3 rootkit. r77 is a ring 3 rootkit that hides the following entities from all processes: files, directories, junctions, named pipes, scheduled tasks; processes; CPU usage; registry keys & values; services; TCP & UDP connections. It is compatible with Windows 7 and Windows 10 in both x64 and x86 edition...