WordPress BlockMeister – Block Pattern Builder Plugin <= 3.1.10 is vulnerable to Cross Site Scripting (XSS)

Software BlockMeister – Block Pattern Builder Type Plugin Vulnerable versions = 3.1.10 Fixed in 3.1.11 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9616 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID ebcd0d6a0a49...

SUSE SLES15 / openSUSE 15 Security Update : redis (SUSE-SU-2024:3575-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:3575-1 advisory. - CVE-2024-31228: Fixed unbounded recursive pattern matching bsc1231265 - CVE-2024-31449: Fixed integer overflow bug ...

Security update for redis

This update for redis fixes the following issues: CVE-2024-31228: Fixed unbounded recursive pattern matching bsc1231265 CVE-2024-31449: Fixed integer overflow bug in Lua bittohex bsc1231264 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...

SUSE-SU-2024:3575-1 Security update for redis

This update for redis fixes the following issues: - CVE-2024-31228: Fixed unbounded recursive pattern matching bsc1231265 - CVE-2024-31449: Fixed integer overflow bug in Lua bittohex bsc1231264...

Security update for redis7

This update for redis7 fixes the following issues: CVE-2024-31227: Fixed parsing issue leading to denail of service bsc1231266 CVE-2024-31228: Fixed unbounded recursive pattern matching bsc1231265 CVE-2024-31449: Fixed integer overflow bug in Lua bittohex bsc1231264 Patch Instructions: To install...

SUSE-SU-2024:3549-1 Security update for redis7

This update for redis7 fixes the following issues: - CVE-2024-31227: Fixed parsing issue leading to denail of service bsc1231266 - CVE-2024-31228: Fixed unbounded recursive pattern matching bsc1231265 - CVE-2024-31449: Fixed integer overflow bug in Lua bittohex bsc1231264...

openSUSE Security Advisory (SUSE-SU-2024:3535-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE SLES15 / openSUSE 15 Security Update : redis (SUSE-SU-2024:3535-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:3535-1 advisory. - CVE-2024-31227: Fixed parsing issue leading to denail of service bsc1231266 - CVE-2024-31228: Fixed unbounded...

ALPINE-CVE-2024-31228

Redis is an open source, in-memory database that persists on disk. Authenticated users can trigger a denial-of-service by using specially crafted, long string match patterns on supported commands such as KEYS, SCAN, PSUBSCRIBE, FUNCTION LIST, COMMAND LIST and ACL definitions. Matching of extremel...

DEBIAN-CVE-2024-31228

Redis is an open source, in-memory database that persists on disk. Authenticated users can trigger a denial-of-service by using specially crafted, long string match patterns on supported commands such as KEYS, SCAN, PSUBSCRIBE, FUNCTION LIST, COMMAND LIST and ACL definitions. Matching of extremel...

CVE-2024-31228 Denial-of-service due to unbounded pattern matching in Redis

Redis is an open source, in-memory database that persists on disk. Authenticated users can trigger a denial-of-service by using specially crafted, long string match patterns on supported commands such as KEYS, SCAN, PSUBSCRIBE, FUNCTION LIST, COMMAND LIST and ACL definitions. Matching of extremel...

CVE-2024-31228 Denial-of-service due to unbounded pattern matching in Redis

Redis is an open source, in-memory database that persists on disk. Authenticated users can trigger a denial-of-service by using specially crafted, long string match patterns on supported commands such as KEYS, SCAN, PSUBSCRIBE, FUNCTION LIST, COMMAND LIST and ACL definitions. Matching of extremel...

Security update for redis7

This update for redis7 fixes the following issues: CVE-2024-31227: Fixed parsing issue leading to denail of service bsc1231266 CVE-2024-31228: Fixed unbounded recursive pattern matching bsc1231265 CVE-2024-31449: Fixed integer overflow bug in Lua bittohex bsc1231264 Patch Instructions: To install...

SUSE-SU-2024:3537-1 Security update for redis7

This update for redis7 fixes the following issues: - CVE-2024-31227: Fixed parsing issue leading to denail of service bsc1231266 - CVE-2024-31228: Fixed unbounded recursive pattern matching bsc1231265 - CVE-2024-31449: Fixed integer overflow bug in Lua bittohex bsc1231264...

Security update for redis

This update for redis fixes the following issues: CVE-2024-31227: Fixed parsing issue leading to denail of service bsc1231266 CVE-2024-31228: Fixed unbounded recursive pattern matching bsc1231265 CVE-2024-31449: Fixed integer overflow bug in Lua bittohex bsc1231264 Patch Instructions: To install...

SUSE-SU-2024:3535-1 Security update for redis

This update for redis fixes the following issues: - CVE-2024-31227: Fixed parsing issue leading to denail of service bsc1231266 - CVE-2024-31228: Fixed unbounded recursive pattern matching bsc1231265 - CVE-2024-31449: Fixed integer overflow bug in Lua bittohex bsc1231264...

PT-2024-32800 · Unknown · @Backstage/Plugin-App-Backend

Name of the Vulnerable Software and Affected Versions: @backstage/plugin-app-backend versions prior to 0.3.75 Description: The issue concerns the configuration supplied through APP CONFIG environment variables, where the visibility defined in the configuration schema is unexpectedly ignored. This...

Amazon Linux 2023 : redis6, redis6-devel (ALAS2023-2024-717)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-717 advisory. Denial-of-service due to unbounded pattern matching CVE-2024-31228 Lua library commands may be exploited by an authenticated user to achieve remote-code-execution CVE-2024-31449 Tenable has...

Important: redis

Issue Overview: Denial-of-service due to unbounded pattern matching CVE-2024-31228 Lua library commands may be exploited by an authenticated user to achieve remote-code-execution CVE-2024-31449 Affected Packages: redis Note: This advisory is applicable to Amazon Linux 2 - Redis6 Extra. Visit this...

redis,valkey -- Multiple vulnerabilities

Redis core team reports: CVE-2024-31449 Lua library commands may lead to stack overflow and potential RCE. CVE-2024-31227 Potential Denial-of-service due to malformed ACL selectors. CVE-2024-31228 Potential Denial-of-service due to unbounded pattern matching...