CVE-2024-36513

A privilege context switching error vulnerability CWE-270 in FortiClient Windows version 7.2.4 and below, version 7.0.12 and below, 6.4 all versions may allow an authenticated user to escalate their privileges via lua auto patch scripts...

CVE-2024-36513

A privilege context switching error vulnerability CWE-270 in FortiClient Windows version 7.2.4 and below, version 7.0.12 and below, 6.4 all versions may allow an authenticated user to escalate their privileges via lua auto patch scripts...

PT-2024-27041 · Fortinet · Forticlientwindows

Name of the Vulnerable Software and Affected Versions: FortiClient Windows versions 7.2.4 and below FortiClient Windows version 7.0.12 and below FortiClient Windows version 6.4 Description: A privilege context switching error vulnerability in FortiClient Windows may allow an authenticated user to...

Fortinet FortiClient Privilege escalation via lua auto patch function (FG-IR-24-144)

The version of FortiClient installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-24-144 advisory. - A privilege context switching error vulnerability CWE-270 in FortiClient Windows version 7.2.4 and below, version 7.0.12...

Updated redis packages fix security vulnerabilities

An authenticated with sufficient privileges may create a malformed ACL selector which, when accessed, triggers a server panic and subsequent denial of service. CVE-2024-31227 Authenticated users can trigger a denial-of-service by using specially crafted, long string match patterns on supported...

OESA-2024-2269 redis security update

Redis is an advanced key-value store. It is often referred to as a dattructure server since keys can contain strings, hashes ,lists, sets anorted sets. Security Fixes: Redis is an in-memory database that persists on disk. On startup, Redis begins listening on a Unix socket before adjusting its...

OESA-2024-2270 redis security update

Redis is an advanced key-value store. It is often referred to as a dattructure server since keys can contain strings, hashes ,lists, sets anorted sets. Security Fixes: Redis is an in-memory database that persists on disk. On startup, Redis begins listening on a Unix socket before adjusting its...

OESA-2024-2271 redis security update

Redis is an advanced key-value store. It is often referred to as a dattructure server since keys can contain strings, hashes ,lists, sets anorted sets. Security Fixes: Redis is an in-memory database that persists on disk. On startup, Redis begins listening on a Unix socket before adjusting its...

OESA-2024-2272 redis security update

Redis is an advanced key-value store. It is often referred to as a dattructure server since keys can contain strings, hashes ,lists, sets anorted sets. Security Fixes: Redis is an in-memory database that persists on disk. On startup, Redis begins listening on a Unix socket before adjusting its...

[SECURITY] Fedora 39 Update: valkey-8.0.1-1.fc39

Valkey is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing s...

CVE-2024-31449

...

[SECURITY] Fedora 41 Update: valkey-8.0.1-1.fc41

Valkey is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing s...

[SECURITY] Fedora 39 Update: redis-7.2.6-1.fc39

Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing se...

[SECURITY] Fedora 40 Update: redis-7.2.6-1.fc40

Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing se...

GitHub, Telegram Bots, and ASCII QR Codes Abused in New Wave of Phishing Attacks

A new tax-themed malware campaign targeting insurance and finance sectors has been observed leveraging GitHub links in phishing email messages as a way to bypass security measures and deliver Remcos RAT, indicating that the method is gaining traction among threat actors. "In this campaign,...

Security update for redis

This update for redis fixes the following issues: CVE-2024-31228: Fixed unbounded recursive pattern matching bsc1231265 CVE-2024-31449: Fixed integer overflow bug in Lua bittohex bsc1231264 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...

BIT-VALKEY-2024-31449 Lua library commands may lead to stack overflow and RCE in Redis

Redis is an open source, in-memory database that persists on disk. An authenticated user may use a specially crafted Lua script to trigger a stack buffer overflow in the bit library, which may potentially lead to remote code execution. The problem exists in all versions of Redis with Lua scriptin...

BIT-REDIS-2024-31449 Lua library commands may lead to stack overflow and RCE in Redis

Redis is an open source, in-memory database that persists on disk. An authenticated user may use a specially crafted Lua script to trigger a stack buffer overflow in the bit library, which may potentially lead to remote code execution. The problem exists in all versions of Redis with Lua scriptin...

SUSE SLES15 / openSUSE 15 Security Update : redis7 (SUSE-SU-2024:3549-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:3549-1 advisory. - CVE-2024-31227: Fixed parsing issue leading to denail of service bsc1231266 - CVE-2024-31228: Fixed unbounded...

Gamers Tricked Into Downloading Lua-Based Malware via Fake Cheating Script Engines

Users searching for game cheats are being tricked into downloading a Lua-based malware that is capable of establishing persistence on infected systems and delivering additional payloads. "These attacks capitalize on the popularity of Lua gaming engine supplements within the student gamer...