3325 matches found
Fedora: Security Advisory for redis (FEDORA-2023-8a9087f089)
The remote host is missing an update for the... SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only
Fedora: Security Advisory for redis (FEDORA-2023-77ed1e26a4)
The remote host is missing an update for the...
[SECURITY] Fedora 38 Update: redis-7.0.14-1.fc38
Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing se...
[SECURITY] Fedora 37 Update: redis-7.0.14-1.fc37
Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing se...
The vulnerability of the cjson and cmsgpack libraries of the Redis database management system allows an attacker to execute arbitrary code.
The vulnerability of the cjson and cmsgpack libraries used by the Redis database management system is related to buffer overflows in dynamic memory. Exploiting this vulnerability allows an attacker to execute arbitrary code using a specially created Lua script...
Cisco Zero-Day Exploited to Implant Malicious Lua Backdoor on Thousands of Devices
Cisco has warned of a new zero-day flaw in IOS XE that has been actively exploited by an unknown threat actor to deploy a malicious Lua-based implant on susceptible devices. Tracked as CVE-2023-20273 (CVSS score: 7.2), the issue relates to a privilege escalation flaw in the web UI feature and is sa...
SUSE SLES15 Security Update : slurm (SUSE-SU-2023:4114-1)
The remote SUSE Linux SLES15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:4114-1 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number...
SUSE SLES12 Security Update : slurm (SUSE-SU-2023:4119-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:4119-1 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number...
Warning: Unpatched Cisco Zero-Day Vulnerability Actively Targeted in the Wild
Cisco has warned of a critical, unpatched security flaw impacting IOS XE software that's under active exploitation in the wild. Rooted in the web UI feature, the zero-day vulnerability is tracked as CVE-2023-20198 and has been assigned the maximum severity rating of 10.0 on the CVSS scoring syste...
Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM : Redis vulnerabilities (USN-5221-1)
The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5221-1 advisory. It was discovered that Redis incorrectly handled certain specially crafted Lua scripts. A remote attacker could possibly use this...
SUSE-SU-2023:4000-1 Security update for yq
This update for yq fixes the following issues: yq was updated to 4.35.2 (bsc#1215808): Fixed number parsing as float bug in JSON (#1756); fixed string, null concatenation consistency (#1712); fixed expression parsing issue (#1711). Update to 4.35.1: Added Lua output support; added BSD checksum format. Update to...
Amazon Linux 2 : redis (ALASREDIS6-2023-002)
The version of redis installed on the remote host is prior to 6.2.13-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2REDIS6-2023-002 advisory. A heap-based buffer overflow flaw was found in Redis. This flaw allows an attacker to trick an authenticated user into executin...
Amazon Linux 2 : redis (ALASREDIS6-2023-007)
The version of redis installed on the remote host is prior to 6.2.6-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2REDIS6-2023-007 advisory. Redis is an open source, in-memory database that persists on disk. In affected versions specially crafted Lua scripts...
Amazon Linux 2 : redis (ALASREDIS6-2023-003)
The version of redis installed on the remote host is prior to 6.2.7-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2REDIS6-2023-003 advisory. A flaw was found in the Redis database where Lua scripts can be manipulated to overcome ACL rules. This flaw allows an...
Important: redis
Issue Overview: A heap-based buffer overflow flaw was found in Redis. This flaw allows an attacker to trick an authenticated user into executing a specially crafted Lua script in Redis. This attack triggers a heap overflow in the cjson and cmsgpack libraries, resulting in heap corruption and...
Low: redis
Issue Overview: A flaw was found in the Redis database where Lua scripts can be manipulated to overcome ACL rules. This flaw allows an attacker with access to Redis to inject Lua code that executes with the (potentially higher) privileges of another Redis user. (CVE-2022-24735) A flaw was found in the Red...
Important: redis
Issue Overview: Redis is an open source, in-memory database that persists on disk. In affected versions specially crafted Lua scripts executing in Redis can cause the heap-based Lua stack to be overflowed, due to incomplete checks for this condition. This can result with heap corruption and...
Mysterious 'Sandman' Threat Actor Targets Telecom Providers Across Three Continents
A previously undocumented threat actor dubbed Sandman has been attributed to a set of cyber attacks targeting telecommunication providers in the Middle East, Western Europe, and the South Asian subcontinent. Notably, the intrusions leverage a just-in-time (JIT) compiler for the Lua programming...
[SECURITY] Fedora 37 Update: redis-7.0.13-1.fc37
Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing se...
[SECURITY] Fedora 38 Update: redis-7.0.13-1.fc38
Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing se...