400 matches found
[SECURITY] Fedora 40 Update: redis-7.2.6-1.fc40
Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing se...
CVE-2024-41592
DrayTek Vigor3910 devices through 4.3.2.6 have a stack-based overflow when processing query string parameters because GetCGI mishandles extraneous ampersand characters and long key-value pairs...
The vulnerability of the KV Service component in the Couchbase Server database management system for NoSQL databases allows attackers to disclose sensitive information.
The vulnerability of the KV Service component in the Couchbase Server database management system for NoSQL databases is related to insufficiently secure data encryption. Exploiting this vulnerability could allow a malicious actor to disclose sensitive information...
LF Edge eKuiper Security Vulnerability
LF Edge eKuiper is a lightweight edge IoT data analytics software from the LF Edge open source project. A security vulnerability exists in LF Edge eKuiper versions prior to 1.14.2, which arises because a user can leverage SQL injection to execute malicious SQL queries via the Get method in sqlKvStore...
Couchbase Server Security Vulnerability
Couchbase Server is a distributed open source NoSQL non-relational database from Couchbase, Inc. in the United States. It supports data query, full-text search and active global replication. A security vulnerability exists in Couchbase Server versions prior to 7.2.5 and versions 7.6.0 through...
CVE-2024-6122
An incorrect permission in the installation directory for the shared NI SystemLink Server KeyValueDatabase service may result in information disclosure via local access. This affects NI SystemLink Server 2024 Q1 and prior versions. It also affects NI FlexLogger 2023 Q2 and prior versions which...
PT-2024-37398 · National Instruments · Ni Flexlogger +1
Name of the Vulnerable Software and Affected Versions: NI SystemLink Server versions prior to 2024 Q1; NI FlexLogger versions prior to 2023 Q2. Description: An issue with incorrect permissions in the installation directory for the shared NI SystemLink Server KeyValueDatabase service may lead to...
CVE-2022-1941
A parsing vulnerability for the MessageSet type in the ProtocolBuffers can lead to out of memory failures. A specially crafted message with multiple key-value per elements creates parsing issues, and can lead to a Denial of Service against services receiving unsanitized input...
PT-2024-5971 · Couchbase · Couchbase Server
Name of the Vulnerable Software and Affected Versions: Couchbase Server versions prior to 7.2.5; Couchbase Server versions 7.6.0 through 7.6.0. Description: The issue is related to insufficient encryption of data in the Key-Value (KV) service of Couchbase Server. This could allow a remote attacker to...
Important: Red Hat Security Advisory: Red Hat OpenStack Platform 16.2 (etcd) security update
An update for etcd is now available for Red Hat OpenStack Platform 16.2 (Train). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerabilit...
[SECURITY] Fedora 40 Update: php-wikimedia-cdb-3.0.0-1.fc40
CDB, short for "constant database", refers to a very fast and highly reliable database system which uses a simple file with key value pairs. This library wraps the CDB functionality exposed in PHP via the dba functions. In cases where dba functions are not present or are not compiled with CDB...
RHEL 7 : etcd (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - etcd: Cross-site request forgery via crafted local POST forms (CVE-2018-1098) - etcd: Information disclosure...
Honeywell Experion Server Security Vulnerability
Honeywell Experion Server is a high-performance industrial control system server from Honeywell, primarily used in the Experion Process Knowledge System (PKS) platform. A security vulnerability exists in Honeywell Experion Server, which stems from the fact that the server's receipt of a malformed...
Honeywell Experion Server Security Vulnerability
Honeywell Experion Server is a high-performance industrial control system server from Honeywell, primarily used in the Experion Process Knowledge System (PKS) platform. A security vulnerability exists in Honeywell Experion Server, which stems from the fact that the server's receipt of a malformed...
BIT-VAULT-2023-2121 Vault’s KV Diff Viewer Allowed for HTML Injection
Vault and Vault Enterprise's key-value v2 (kv-v2) diff viewer allowed HTML injection into the Vault web UI through key values. This vulnerability, CVE-2023-2121, is fixed in Vault 1.14.0, 1.13.3, 1.12.7, and 1.11.11...
Important: Red Hat Enhancement Advisory: redis:7 update
An update for the redis:7 module is now available for Red Hat Enterprise Linux 9. Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an in-memory data set...
Denial of Service Vulnerability in Damon New Cloud Cache Database (DMCDM)
Damon New Cloud Cache Database (DMCDM) is a self-developed key-value database that is deeply compatible with the native Redis protocol. A denial of service vulnerability exists in Damon New Cloud Cache Database (DMCDM), which can be exploited by attackers to cause a denial of service...
Missing Encryption
github.com/cilium/cilium is vulnerable to Missing Encryption between pods. The vulnerability is caused when an external key-value store (kvstore) and WireGuard transparent encryption are both enabled. If an attacker has access to the underlying cluster they can intercept sensitive traffic between pods,...
samba: type confusion in mdssvc RPC service for spotlight
A Type Confusion vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets, one encoded data structure is a key-value style dictionary where the keys are character strings, and the values can be any of the supported types in the mdssvc protocol...
Splunk Security Breach
Splunk is a suite of data collection and analysis software from Splunk, Inc. in the United States. The software is primarily used to collect, index, and analyze the data it generates, including data generated by all IT systems and infrastructure (physical, virtual machines, and cloud). A...