118 matches found
Integer overflow
Redis is an open source, in-memory database that persists on disk. An integer overflow bug affecting all versions of Redis can be exploited to corrupt the heap and potentially be used to leak arbitrary contents of the heap or trigger remote code execution. The vulnerability involves changing the...
CVE-2021-41099
Redis is an open source, in-memory database that persists on disk. An integer overflow bug in the underlying string library can be used to corrupt the heap and potentially result with denial of service or remote code execution. The vulnerability involves changing the default proto-max-bulk-len...
Integer overflow
Redis is an open source, in-memory database that persists on disk. An integer overflow bug in the underlying string library can be used to corrupt the heap and potentially result with denial of service or remote code execution. The vulnerability involves changing the default proto-max-bulk-len...
CVE-2021-41099
Redis is an open source, in-memory database that persists on disk. An integer overflow bug in the underlying string library can be used to corrupt the heap and potentially result with denial of service or remote code execution. The vulnerability involves changing the default proto-max-bulk-len...
CVE-2021-41099
Redis is an open source, in-memory database that persists on disk. An integer overflow bug in the underlying string library can be used to corrupt the heap and potentially result with denial of service or remote code execution. The vulnerability involves changing the default proto-max-bulk-len...
CVE-2021-41099 Integer overflow issue with strings in Redis
Redis is an open source, in-memory database that persists on disk. An integer overflow bug in the underlying string library can be used to corrupt the heap and potentially result with denial of service or remote code execution. The vulnerability involves changing the default proto-max-bulk-len...
CVE-2021-32627
Redis is an open source, in-memory database that persists on disk. In affected versions an integer overflow bug in Redis can be exploited to corrupt the heap and potentially result with remote code execution. The vulnerability involves changing the default proto-max-bulk-len and...
Remote Code Execution
redis is vulnerable to remote code execution. An out-of-bounds read and integer overflow to buffer overflow exists and allows an attacker to execute arbitrary code on the host OS by changing the default proto-max-bulk-len configuration parameter to a very large value and constructing specially...
Integer overflow
Redis is an in-memory database that persists on disk. A vulnerability involving out-of-bounds read and integer overflow to buffer overflow exists starting with version 2.2 and prior to versions 5.0.13, 6.0.15, and 6.2.5. On 32-bit systems, Redis BIT command are vulnerable to integer overflow that...
CVE-2021-29478
Redis is an open source BSD licensed, in-memory data structure store, used as a database, cache, and message broker. An integer overflow bug in Redis 6.2 before 6.2.3 could be exploited to corrupt the heap and potentially result with remote code execution. Redis 6.0 and earlier are not directly...
CVE-2021-29478
Redis is an open source BSD licensed, in-memory data structure store, used as a database, cache, and message broker. An integer overflow bug in Redis 6.2 before 6.2.3 could be exploited to corrupt the heap and potentially result with remote code execution. Redis 6.0 and earlier are not directly...
Integer overflow
Redis is an open source BSD licensed, in-memory data structure store, used as a database, cache, and message broker. An integer overflow bug in Redis 6.2 before 6.2.3 could be exploited to corrupt the heap and potentially result with remote code execution. Redis 6.0 and earlier are not directly...
CVE-2021-29478
Redis is an open source BSD licensed, in-memory data structure store, used as a database, cache, and message broker. An integer overflow bug in Redis 6.2 before 6.2.3 could be exploited to corrupt the heap and potentially result with remote code execution. Redis 6.0 and earlier are not directly...
CVE-2020-9247
There is a buffer overflow vulnerability in several Huawei products. The system does not sufficiently validate certain configuration parameter which is passed from user that would cause buffer overflow. The attacker should trick the user into installing and running a malicious application with a...
GHSA-47QG-Q58V-7VRP UNEDITABLE_SCHEMAS and UNEDITABLE_TABLE_DESCRIPTION_MATCH_RULES not respected by frontend service backend
Impact Any install that has UNEDITABLESCHEMAS and/or UNEDITABLETABLEDESCRIPTIONMATCHRULES set in the front-end, is being impacted. The value of these properties is ignored if set, allowing any user to modify table and column descriptions, even though the properties imply they shouldn't be. Patche...
CVE-2017-16996
An arbitrary memory r/w access issue was found in the Linux kernel compiled with the eBPF bpf2 system call CONFIGBPFSYSCALL support. The issue could occur due to calculation errors in the eBPF verifier module, triggered by user supplied malicious BPF program. An unprivileged user could use this...
SUSE-SU-2020:0540-1 Security Beta update for Salt
This update fixes the following issues: salt: - Fix 'osfamily' grain for Astra Linux Common Edition - Update to Salt version 2019.2.3 CVE-2019-17361 bsc1163981 See release notes: https://docs.saltstack.com/en/latest/topics/releases/2019.2.3.html - Enable passing grains to start event based on...
CVE-2020-8951
Fiserv Accurate Reconciliation 2.19.0, fixed in 3.0.0 or higher, allows XSS via the Source or Destination field of the Configuration Manager Configuration Parameter Translation page...
CVE-2020-8951
CVE-2020-8951 affects Fiserv Accurate Reconciliation 2.19.0, where a vulnerability exists in the Configuration Manager’s Source/Destination (Configuration Parameter Translation) fields that can be manipulated to perform cross‑site scripting (XSS). The issue is fixed in version 3.0.0 or higher. Th...
Information Disclosure
An attacker is able to obtain the private keys from a JWK keystore file by setting the configuration parameter rs.security.keystore.type to jwk...