51 matches found
CVE-2021-26276
scripts/cli.js in the GoDaddy node-config-shield aka Config Shield package before 0.2.2 for Node.js calls eval when processing a set command. NOTE: the vendor reportedly states that this is not a vulnerability. The set command was not intended for use with untrusted data...
BIT-KEYDB-2021-31294
Redis before 6cbea7d allows a replica to cause an assertion failure in a primary server by sending a non-administrative command specifically, a SET command. NOTE: this was fixed for Redis 6.2.x and 7.x in 2021. Versions before 6.2 were not intended to have safety guarantees related to this...
CVE-2024-27011
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: fix memleak in map from abort path The delete set command does not rely on the transaction object for element removal, therefore, a combination of delete element + delete set from the abort path could result ...
BIT-REDIS-2021-31294
Redis before 6cbea7d allows a replica to cause an assertion failure in a primary server by sending a non-administrative command specifically, a SET command. NOTE: this was fixed for Redis 6.2.x and 7.x in 2021. Versions before 6.2 were not intended to have safety guarantees related to this...
Guanzhou Tozed Kangwei Intelligent Technology ZLTS10G 跨站请求伪造漏洞
The Guanzhou Tozed Kangwei Intelligent Technology ZLTS10G is a mobile network wireless router from Guangzhou Tozed Kangwei Intelligent Technology. A security vulnerability exists in the Guanzhou Tozed Kangwei Intelligent Technology ZLTS10G S10G3.11.6, which allows an attacker to take over a user'...
SUSE CVE-2021-31294
Redis before 6cbea7d allows a replica to cause an assertion failure in a primary server by sending a non-administrative command specifically, a SET command. NOTE: this was fixed for Redis 6.2.x and 7.x in 2021. Versions before 6.2 were not intended to have safety guarantees related to this...
CVE-2021-31294
Redis before 6cbea7d allows a replica to cause an assertion failure in a primary server by sending a non-administrative command specifically, a SET command. NOTE: this was fixed for Redis 6.2.x and 7.x in 2021. Versions before 6.2 were not intended to have safety guarantees related to this...
PYSEC-2023-312
Redis before 6cbea7d allows a replica to cause an assertion failure in a primary server by sending a non-administrative command specifically, a SET command. NOTE: this was fixed for Redis 6.2.x and 7.x in 2021. Versions before 6.2 were not intended to have safety guarantees related to this...
DEBIAN-CVE-2021-31294
Redis before 6cbea7d allows a replica to cause an assertion failure in a primary server by sending a non-administrative command specifically, a SET command. NOTE: this was fixed for Redis 6.2.x and 7.x in 2021. Versions before 6.2 were not intended to have safety guarantees related to this...
PT-2023-12146 · Redis +2 · Redis +2
Name of the Vulnerable Software and Affected Versions: Redis versions prior to 6.2 Redis versions prior to 6cbea7d Description: The issue allows a replica to cause an assertion failure in a primary server by sending a non-administrative command, specifically a SET command. This was fixed for Redi...
CVE-2021-31294
Redis before 6cbea7d allows a replica to cause an assertion failure in a primary server by sending a non-administrative command specifically, a SET command. NOTE: this was fixed for Redis 6.2.x and 7.x in 2021. Versions before 6.2 were not intended to have safety guarantees related to this...
CVE-2021-31294
CVE-2021-31294 : Redis before 6cbea7d allows a replica to trigger an assertion failure on a primary server by sending a non-administrative command (specifically, SET). The issue is resolved in Redis 6.2.x and 7.x (2021). Affected line: Redis pre-6.2 safety guarantees did not apply. Practical impa...
Microsoft CMD.EXE Integer Overflow
Hi @ll, the subject says it all: a 25 year old TRIVIAL signed integer arithmetic bug which may well have earned a PhD now crashes Windows' command interpreter CMD.exe via its builtin SET command. See their documentation: Classification CWE-190: Integer Overflow or Wraparound CWE-248: Uncaught...
CVE-2021-32761
Redis is an in-memory database that persists on disk. A vulnerability involving out-of-bounds read and integer overflow to buffer overflow exists starting with version 2.2 and prior to versions 5.0.13, 6.0.15, and 6.2.5. On 32-bit systems, Redis BIT command are vulnerable to integer overflow that...
Improper Control of Dynamically-Managed Code Resources in config-shield
scripts/cli.js in the GoDaddy node-config-shield aka Config Shield package before 0.2.2 for Node.js calls eval when processing a set command. NOTE: the vendor reportedly states that this is not a vulnerability. The set command was not intended for use with untrusted data...
CVE-2021-26276
scripts/cli.js in the GoDaddy node-config-shield aka Config Shield package before 0.2.2 for Node.js calls eval when processing a set command. NOTE: the vendor reportedly states that this is not a vulnerability. The set command was not intended for use with untrusted data...
CVE-2021-26276
scripts/cli.js in the GoDaddy node-config-shield aka Config Shield package before 0.2.2 for Node.js calls eval when processing a set command. NOTE: the vendor reportedly states that this is not a vulnerability. The set command was not intended for use with untrusted data...
CVE-2021-26276
scripts/cli.js in the GoDaddy node-config-shield aka Config Shield package before 0.2.2 for Node.js calls eval when processing a set command. NOTE: the vendor reportedly states that this is not a vulnerability. The set command was not intended for use with untrusted data...
GoDaddy Node-config-shield Security Vulnerability
GoDaddy Node-config-shield is a Javascript-based codebase for checking sensitive information in projects by GoDaddy, Inc. A security vulnerability exists in GoDaddy node-config-shield that stems from a call to eval while processing the set command...
PT-2021-16986 · Npm · Node-Config-Shield
Name of the Vulnerable Software and Affected Versions: node-config-shield versions prior to 0.2.2 Description: The issue concerns the node-config-shield package, where the scripts/cli.js file calls eval when processing a set command. This could potentially lead to issues if the set command is use...