400 matches found

Positive Technologies
added 2022/12/05 12:0 a.m. · 4 views

PT-2022-27071 · Unknown · Stackstorm

Name of the Vulnerable Software and Affected Versions: StackStorm version 3.7.0
Description: The issue is related to improper access control in Key-Value RBAC, where permissions in Jinja filters are not checked, allowing attackers to access Key-Value pairs of other users. This could potentially...

7.5 CVSS · 7.3 AI score · 0.00604 EPSS
Exploits 0 · References 4
CVE
added 2022/12/05 12:0 a.m. · 51 views

CVE-2022-44009

StackStorm 3.7.0 is affected by an improper access control flaw in Key-Value RBAC, where permissions checks are not applied in Jinja filters. This could allow an attacker to access another user’s K/V pairs and potentially expose sensitive information. The provided documents consistently describe ...

7.5 CVSS · 7.5 AI score · 0.00604 EPSS
Exploits 0 · References 1 · Affected Software 1
Vulnrichment
added 2022/12/05 12:0 a.m. · 7 views

CVE-2022-44009

Improper access control in Key-Value RBAC in StackStorm version 3.7.0 didn't check the permissions in Jinja filters, allowing attackers to access K/V pairs of other users, potentially leading to the exposure of sensitive information...

6.8 AI score · 0.00604 EPSS
Exploits 0 · References 1
OSV
added 2022/11/15 6:15 a.m. · 26 views

RLSA-2022:8096 Low: redis security and bug fix update

Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an in-memory data set. You can persist it either by dumping the data set to disk every once in a while, ...

3.9 CVSS · 6.9 AI score · 0.02164 EPSS
Exploits 2 · References 4
OSV
added 2022/11/15 12:0 a.m. · 29 views

ALSA-2022:8096 Low: redis security and bug fix update

Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an in-memory data set. You can persist it either by dumping the data set to disk every once in a while, ...

7.8 CVSS · 6.9 AI score · 0.02164 EPSS
Exploits 2 · References 6
AlmaLinux
added 2022/11/15 12:0 a.m. · 52 views

Low: redis security and bug fix update

Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an in-memory data set. You can persist it either by dumping the data set to disk every once in a while, ...

7.8 CVSS · 7.3 AI score · 0.02164 EPSS
Exploits 2 · References 6
Fedora
added 2022/11/10 10:57 p.m. · 18 views

[SECURITY] Fedora 37 Update: php-wikimedia-cdb-2.0.0-8.fc37

CDB, short for "constant database", refers to a very fast and highly reliable database system which uses a simple file with key value pairs. This library wraps the CDB functionality exposed in PHP via the dba functions. In cases where dba functions are not present or are not compiled with CDB...

7.3 AI score
Exploits 0
OSV
added 2022/11/08 6:22 a.m. · 24 views

RLSA-2022:7541 Low: redis:6 security, bug fix, and enhancement update

Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an in-memory data set. You can persist it either by dumping the data set to disk every once in a while, ...

3.9 CVSS · 7.1 AI score · 0.02164 EPSS
Exploits 2 · References 4
OSV
added 2022/11/08 12:0 a.m. · 31 views

ALSA-2022:7541 Low: redis:6 security, bug fix, and enhancement update

Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an in-memory data set. You can persist it either by dumping the data set to disk every once in a while, ...

7.8 CVSS · 7.1 AI score · 0.02164 EPSS
Exploits 2 · References 6
AlmaLinux
added 2022/11/08 12:0 a.m. · 119 views

Low: redis:6 security, bug fix, and enhancement update

Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an in-memory data set. You can persist it either by dumping the data set to disk every once in a while, ...

7.8 CVSS · 7.5 AI score · 0.02164 EPSS
Exploits 2 · References 6
Prion
added 2022/10/21 10:15 p.m. · 12 views

Stack overflow

IOWOW is a C utility library and persistent key/value storage engine. Versions 1.4.15 and prior contain a stack buffer overflow vulnerability that allows for Denial of Service (DoS) when it parses scientific notation numbers present in JSON. A patch for this issue is available at commit...

5 CVSS · 7.7 AI score · 0.00643 EPSS
Exploits 1 · References 2 · Affected Software 1
Veracode
added 2022/10/21 9:13 a.m. · 34 views

Denial Of Service (DoS)

protobuf-cpp is vulnerable to Denial of Service. The vulnerability exists in multiple functions due to out of memory failures which allows an attacker to cause an application crash via multiple key-value...

7.5 CVSS · 7.3 AI score · 0.01151 EPSS
Exploits 0 · References 20 · Affected Software 2
CNNVD
added 2022/10/21 12:0 a.m. · 3 views

Redis security vulnerability

Redis, from Redis Labs, Inc., is an open-source key-value storage database written in ANSI C; it is network-enabled, memory-based with optional log-type persistence, and provides APIs for a variety of languages. A security vulnerability exists in Redis. An attacker could exploit this...

3.3 CVSS · 5.6 AI score · 0.00573 EPSS
Exploits 1 · References 6
Fedora
added 2022/09/26 12:18 a.m. · 35 views

[SECURITY] Fedora 37 Update: redis-7.0.5-1.fc37

Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing se...

9.8 CVSS · 0.7 AI score · 0.02742 EPSS
Exploits 0
OpenVAS
added 2022/09/26 12:0 a.m. · 22 views

Fedora: Security Advisory for redis (FEDORA-2022-de7b3ceca6)

The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH. Some text descriptions might be excerpted from a referenced source, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...

9.8 CVSS · 9.6 AI score · 0.02742 EPSS
Exploits 0 · References 2
Github Security Blog
added 2022/09/23 12:0 a.m. · 43 views

HashiCorp Vault vulnerable to incorrect metadata access

An issue was discovered in HashiCorp Vault and Vault Enterprise before 1.11.3. A vulnerability in the Identity Engine was found where, in a deployment where an entity has multiple mount accessors with shared alias names, Vault may overwrite metadata to the wrong alias due to an issue with checkin...

9.1 CVSS · 8.7 AI score · 0.0076 EPSS
Exploits 0 · References 5 · Affected Software 1
CNNVD
added 2022/09/22 12:0 a.m. · 3 views

HashiCorp Vault security vulnerability

HashiCorp Vault is a private key access management tool from the US-based HashiCorp. A security vulnerability exists in HashiCorp Vault and Vault Enterprise versions 1.8.0 through 1.11.2 that stems from an issue with checking for the correct alias assigned to an entity, Vault may overwrite metada...

9.1 CVSS · 8.1 AI score · 0.0076 EPSS
Exploits 0 · References 4
Cvelist
added 2022/09/22 12:0 a.m. · 23 views

CVE-2022-40186

An issue was discovered in HashiCorp Vault and Vault Enterprise before 1.11.3. A vulnerability in the Identity Engine was found where, in a deployment where an entity has multiple mount accessors with shared alias names, Vault may overwrite metadata to the wrong alias due to an issue with checkin...

9.3 AI score · 0.0076 EPSS
Exploits 0 · References 3
ATTACKERKB
added 2022/08/10 8:15 p.m. · 6 views

CVE-2022-35517

WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 adm.cgi has no filtering on parameters: webpskValue, wlMethod, wlanssid, EncrypType, rwanip, rwanmask, rwangateway, pppusername, ppppasswd and pppsetver, which leads to command injection in page /wizardroutermesh.shtml...

8.8 CVSS · 7.3 AI score · 0.02251 EPSS
Exploits 1 · References 2
OpenVAS
added 2022/07/31 12:0 a.m. · 9 views

Fedora: Security Advisory for golang-github-cockroachdb-pebble (FEDORA-2022-5ef0bd9a27)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from a referenced source, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 AI score
Exploits 0 · References 2