516 matches found
Cross-site request forgery (CSRF)
A cross-site request forgery (CSRF) vulnerability in Jenkins docker-build-step Plugin 2.11 and earlier allows attackers to connect to an attacker-specified TCP or Unix socket URL, and to reconfigure the plugin using the provided connection test parameters, affecting future build step executions...
Design/Logic Flaw
A missing permission check in an HTTP endpoint in Jenkins docker-build-step Plugin 2.11 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified TCP or Unix socket URL, and to reconfigure the plugin using the provided connection test parameters, affecting futu...
CVE-2024-2215
A cross-site request forgery (CSRF) vulnerability in Jenkins docker-build-step Plugin 2.11 and earlier allows attackers to connect to an attacker-specified TCP or Unix socket URL, and to reconfigure the plugin using the provided connection test parameters, affecting future build step executions...
BIT-REDIS-2023-45145 Redis Unix-domain socket may have been exposed with the wrong permissions for a short time window.
Redis is an in-memory database that persists on disk. On startup, Redis begins listening on a Unix socket before adjusting its permissions to the user-provided configuration. If a permissive umask(2) is used, this creates a race condition that enables, during a short period of time, another process...
openSUSE: Security Advisory for redis (SUSE-SU-2023:4290-1)
The remote host is missing an update for the...
openSUSE Security Advisory (SUSE-SU-2024:0200-1)
The remote host is missing an update for the...
Amazon Linux 2023 : redis6, redis6-devel (ALAS2023-2024-528)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-528 advisory. 2024-02-29: CVE-2023-45145 was added to this advisory. Redis is an in-memory database that persists on disk. Redis incorrectly handles resizing of memory buffers which can result in integer...
OESA-2024-1141 kernel security update
The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel before 6.4.5, drivers/gpu/drm/drm_atomic.c has a use-after-free during a race condition between a nonblocking atomic commit and a driver unload. (CVE-2023-51043) A use-after-free flaw was found in the Linux Kernel...
Low: redis6
Issue Overview: Redis is an in-memory database that persists on disk. On startup, Redis begins listening on a Unix socket before adjusting its permissions to the user-provided configuration. If a permissive umask(2) is used, this creates a race condition that enables, during a short period of time,...
Low: redis6
Issue Overview: Redis is an in-memory database that persists on disk. On startup, Redis begins listening on a Unix socket before adjusting its permissions to the user-provided configuration. If a permissive umask(2) is used, this creates a race condition that enables, during a short period of time,...
Amazon Linux 2 : redis (ALASREDIS6-2024-009)
The version of redis installed on the remote host is prior to 6.2.14-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2REDIS6-2024-009 advisory. Redis is an in-memory database that persists on disk. Redis incorrectly handles resizing of memory buffers which can...
Amazon Linux 2023 : redis6 (ALAS2023-2024-513)
The version of redis6 installed on the remote host is prior to 6.2.14-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-513 advisory. Redis is an in-memory database that persists on disk. On startup, Redis begins listening on a Unix socket before adjusting its...
Amazon Linux 2023 : redis6, redis6-devel (ALAS2023-2024-516)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-516 advisory. Redis is an in-memory database that persists on disk. Redis incorrectly handles resizing of memory buffers which can result in integer overflow that leads to heap overflow and potential remote...
Important: redis
Issue Overview: Redis is an in-memory database that persists on disk. Redis incorrectly handles resizing of memory buffers which can result in integer overflow that leads to heap overflow and potential remote code execution. This issue has been patched in version 7.0.15 and 7.2.4. CVE-2023-41056...
OESA-2024-1114 kernel security update
The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel before 6.5.9, there is a NULL pointer dereference in send_acknowledge in net/nfc/nci/spi.c. (CVE-2023-46343) In the Linux kernel before 6.4.12, amdgpu_cs_wait_all_fences in drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c has a...
PT-2024-3472 · Linux +3 · Linux Kernel +3
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The issue is related to a flaw in the unix_state_double_lock function within the net/unix/af_unix.c module of the Linux kernel, affecting the AF_UNIX socket implementation. This flaw i...
avahi: Local DoS by event-busy-loop from writing long lines to /run/avahi-daemon/socket
A flaw was found in avahi. The event used to signal the termination of the client connection on the avahi Unix socket is not correctly handled in the client_work function, allowing a local attacker to trigger an infinite loop. The highest threat from this vulnerability is to the availability of th...
Debian dsa-5610 : redis - security update
The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5610 advisory. Redis is an in-memory database that persists on disk. A specially crafted Lua script executing in Redis can trigger a heap overflow in the cjson library, and...
CloudLinux CageFS 7.1.1-1 Token Disclosure
CloudLinux CageFS Token Disclosure. Link: https://github.com/sbaresearch/advisories/tree/public/2020/SBA-ADV-20200707-01CloudLinuxCageFSTokenDisclosure Vulnerability Overview: CloudLinux CageFS 7.1.1-1 or below passes the authentication token as a...
Important: Red Hat Security Advisory: kernel security update
An update for kernel is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security...