Lucene search

780 matches found

Fedora
added 2021/05/12 4:13 p.m. | 61 views

[SECURITY] Fedora 33 Update: redis-6.0.13-1.fc33

Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing se...

8.8 CVSS | 0.7 AI score | 0.04028 EPSS
Exploits: 0

Fedora
added 2021/05/12 5:44 a.m. | 60 views

[SECURITY] Fedora 34 Update: redis-6.2.3-1.fc34

Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing se...

8.8 CVSS | 0.7 AI score | 0.04028 EPSS
Exploits: 0

UbuntuCve
added 2021/05/04 4:15 p.m. | 34 views

CVE-2021-29478

Redis is an open source BSD licensed, in-memory data structure store, used as a database, cache, and message broker. An integer overflow bug in Redis 6.2 before 6.2.3 could be exploited to corrupt the heap and potentially result in remote code execution. Redis 6.0 and earlier are not directly...

8.8 CVSS | 7.4 AI score | 0.03628 EPSS
Exploits: 0 | References: 5

BDU FSTEC
added 2021/03/30 12:0 a.m. | 3 views

The vulnerability of the xbean-reflect/JNDI library component from Jackson-databind allows attackers to access confidential data, compromise its integrity, and cause service failures.

The vulnerability of the xbean-reflect/JNDI library component related to Jackson-databind involves the restoration of unreliable data structures in memory. Exploiting this vulnerability can allow an attacker to gain access to confidential data, compromise its integrity, and cause service failures...

7.5 CVSS | 7.4 AI score | 0.26587 EPSS
Exploits: 5 | References: 9 | Affected Software: 16

NVD
added 2021/03/10 4:15 p.m. | 18 views

CVE-2020-1918

In-memory file operations (i.e., using fopen on a data URI) did not properly restrict negative seeking, allowing for the reading of memory prior to the in-memory buffer. This issue affects HHVM versions prior to 4.56.3, all versions between 4.57.0 and 4.80.1, all versions between 4.81.0 and 4.93.1, a...

7.5 CVSS | 0.01218 EPSS
Exploits: 0 | References: 2

UbuntuCve
added 2021/03/10 4:15 p.m. | 28 views

CVE-2020-1918

In-memory file operations (i.e., using fopen on a data URI) did not properly restrict negative seeking, allowing for the reading of memory prior to the in-memory buffer. This issue affects HHVM versions prior to 4.56.3, all versions between 4.57.0 and 4.80.1, all versions between 4.81.0 and 4.93.1, a...

7.5 CVSS | 7.1 AI score | 0.01218 EPSS
Exploits: 0 | References: 3

OSV
added 2021/03/10 4:15 p.m. | 4 views

UBUNTU-CVE-2020-1918

In-memory file operations (i.e., using fopen on a data URI) did not properly restrict negative seeking, allowing for the reading of memory prior to the in-memory buffer. This issue affects HHVM versions prior to 4.56.3, all versions between 4.57.0 and 4.80.1, all versions between 4.81.0 and 4.93.1, a...

7.5 CVSS | 7.1 AI score | 0.01218 EPSS
Exploits: 0 | References: 4

Prion
added 2021/03/10 4:15 p.m. | 16 views

Memory corruption

In-memory file operations (i.e., using fopen on a data URI) did not properly restrict negative seeking, allowing for the reading of memory prior to the in-memory buffer. This issue affects HHVM versions prior to 4.56.3, all versions between 4.57.0 and 4.80.1, all versions between 4.81.0 and 4.93.1, a...

5 CVSS | 7.5 AI score | 0.01218 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2021/03/10 3:50 p.m. | 54 views

CVE-2020-1918

CVE-2020-1918 affects HHVM: reading memory prior to the in‑memory buffer via fopen on a data URI due to improper restriction of negative seeking. Affected versions include HHVM before 4.56.3, 4.57.0–4.80.1, 4.81.0–4.93.1, and 4.94.0–4.98.0. The provided documents do not specify a final patched ve...

7.5 CVSS | 7.5 AI score | 0.01218 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

BDU FSTEC
added 2021/02/16 12:0 a.m. | 4 views

The vulnerability of the org.aoju.busproxy.provider.remoting.RmiProvider component in the Jackson-databind library of the FasterXML project allows an attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the org.aoju.busproxy.provider.remoting.RmiProvider component in the Jackson-databind library of the FasterXML project is related to the restoration of unreliable data in memory. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrit...

9.3 CVSS | 6.8 AI score | 0.03538 EPSS
Exploits: 0 | References: 11 | Affected Software: 31

The Hacker News
added 2021/01/19 3:4 p.m. | 4 views

Researchers Discover Raindrop — 4th Malware Linked to the SolarWinds Attack

Cybersecurity researchers have unearthed a fourth new malware strain—designed to spread the malware onto other computers in victims' networks—which was deployed as part of the SolarWinds supply chain attack disclosed late last year. Dubbed "Raindrop" by Broadcom-owned Symantec, the malware joins...

5.9 AI score
Exploits: 0

The Hacker News
added 2020/12/27 6:24 a.m. | 129 views

A New SolarWinds Flaw Likely Had Let Hackers Install SUPERNOVA Malware

An authentication bypass vulnerability in the SolarWinds Orion software may have been leveraged by adversaries as a zero-day to deploy the SUPERNOVA malware in target environments. According to an advisory published yesterday by the CERT Coordination Center, the SolarWinds Orion API that's used t...

9.8 CVSS | 0.3 AI score | 0.9198 EPSS
Exploits: 3

The Hacker News
added 2020/12/22 9:14 a.m. | 6 views

A Second Hacker Group May Have Also Breached SolarWinds, Microsoft Says

As the probe into the SolarWinds supply chain attack continues, new digital forensic evidence has brought to light that a separate threat actor may have been abusing the IT infrastructure provider's Orion software to drop a similar persistent backdoor on target systems. "The investigation of the...

5.8 AI score
Exploits: 0

BDU FSTEC
added 2020/12/22 12:0 a.m. | 4 views

The vulnerability of the Squid proxy server, related to the execution of operations beyond the buffer in memory, allows attackers to gain access to protected information.

The vulnerability of the Squid proxy server is related to the execution of operations beyond the buffer in memory. Exploiting this vulnerability allows a malicious actor, operating remotely, to gain access to protected information by sending specially crafted requests...

7.5 CVSS | 7.1 AI score | 0.10493 EPSS
Exploits: 0 | References: 17 | Affected Software: 7

BDU FSTEC
added 2020/12/18 12:0 a.m. | 5 views

The vulnerability of the PHP framework Yii, related to the restoration of unreliable data structures in memory, allows attackers to execute arbitrary code.

The vulnerability of the PHP framework Yii is related to the restoration of unreliable data structures in memory. Exploiting this vulnerability allows an attacker who operates remotely to execute arbitrary code...

10 CVSS | 8.1 AI score | 0.78759 EPSS
Exploits: 0 | References: 7 | Affected Software: 1

RedHat Linux
added 2020/12/14 5:52 p.m. | 62 views

Important: Red Hat Security Advisory: Red Hat Data Grid 7.3.8 security update

An update for Red Hat Data Grid is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...

7.5 CVSS | 6.7 AI score | 0.17611 EPSS
Exploits: 0 | References: 5

The Hacker News
added 2020/12/04 8:6 a.m. | 3 views

Hackers-For-Hire Group Develops New 'PowerPepper' In-Memory Malware

Cybersecurity researchers on Thursday disclosed details of a previously undiscovered in-memory Windows backdoor developed by a hacker-for-hire operation that can execute remotely malicious code and steal sensitive information from its targets in Asia, Europe, and the US. Dubbed "PowerPepper" by...

5.8 AI score
Exploits: 0

0day.today
added 2020/11/29 12:0 a.m. | 58 views

Apache NiFi API Remote Code Execution Exploit

This Metasploit module uses the NiFi API to create an ExecuteProcess processor that will execute OS commands. The API must be unsecured or credentials provided and the ExecuteProcess processor must be available. An ExecuteProcessor processor is created then is configured with the payload and...

7.4 AI score
Exploits: 0

Packet Storm
added 2020/11/25 12:0 a.m. | 1108 views

Kong Gateway Admin API Remote Code Execution

frozenstringliteral: true This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Kong Gateway Admin API Remote Code Execution', 'Description' = ' This module uses the Kong admin API to create a route...

0.5 AI score
Exploits: 0

BDU FSTEC
added 2020/11/17 12:0 a.m. | 4 views

The vulnerability of the Java framework Apache Camel, related to the recovery of unreliable data structures in memory, allows an attacker to gain unauthorized access to protected information, execute arbitrary code, or cause a service failure.

The vulnerability of the Java framework Apache Camel is related to the restoration of unreliable data structures in memory. Exploiting this vulnerability can allow an attacker operating remotely to gain unauthorized access to protected information, execute arbitrary code, or cause service failure...

10 CVSS | 8 AI score | 0.06592 EPSS
Exploits: 0 | References: 5 | Affected Software: 5