35 matches found
BIT-VALKEY-2026-23631 redis-server Lua use-after-free may allow remote code execution
Redis is an in-memory data structure store. In all versions of redis-server with Lua scripting, an authenticated attacker can exploit the master-replica synchronization mechanism to trigger a use-after-free on replicas where replica-read-only is disabled or can be disabled, which may lead to remo...
BIT-REDIS-2026-23631 redis-server Lua use-after-free may allow remote code execution
Redis is an in-memory data structure store. In all versions of redis-server with Lua scripting, an authenticated attacker can exploit the master-replica synchronization mechanism to trigger a use-after-free on replicas where replica-read-only is disabled or can be disabled, which may lead to remo...
SUSE CVE-2026-23631
Redis is an in-memory data structure store. In all versions of redis-server with Lua scripting, an authenticated attacker can exploit the master-replica synchronization mechanism to trigger a use-after-free on replicas where replica-read-only is disabled or can be disabled, which may lead to remo...
CVE-2026-23631
Redis is an in-memory data structure store. In all versions of redis-server with Lua scripting, an authenticated attacker can exploit the master-replica synchronization mechanism to trigger a use-after-free on replicas where replica-read-only is disabled or can be disabled, which may lead to remo...
DEBIAN-CVE-2026-23631
Redis is an in-memory data structure store. In all versions of redis-server with Lua scripting, an authenticated attacker can exploit the master-replica synchronization mechanism to trigger a use-after-free on replicas where replica-read-only is disabled or can be disabled, which may lead to remo...
EUVD-2026-27398
Redis is an in-memory data structure store. In all versions of redis-server with Lua scripting, an authenticated attacker can exploit the master-replica synchronization mechanism to trigger a use-after-free on replicas where replica-read-only is disabled or can be disabled, which may lead to remo...
PT-2026-37086
Name of the Vulnerable Software and Affected Versions redis-server versions prior to 8.6.3 Description An authenticated attacker can exploit the master-replica synchronization mechanism in the built-in Lua scripting engine to trigger a use-after-free condition. This occurs on replicas where the...
Malicious code in bellatrix-centaurus-toml-firebase (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1ebdb2e51245207a285797bc56d9291bf5876105e83d7392badb56818a5c0e06 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in karma-dependencies-geckodriver-sirius (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 801176c7498c86258fc33864d1d1a0405d7ba7062ec8bb2514017ee4e04b7f2e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in isolated_dinosaur_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d1164fd97ffca01c0ad315eed47fcd56cbb7ae79337a30fdea4b958f27e90a8b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-122307 Malicious code in okta-kacang4-breki (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d17299a50285a863441012b7492e66d196b66b0724fc4ebb6be54575dd0aea5a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-96047 Malicious code in profitable_orangutan_requirement (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bf6bd6b6f0d909581f40ca46d81345f4a11bb4ee4590e6bcc97a5e9c373b40ec This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-67122 Malicious code in causal-aquamarine-boar (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3850a32ea5921b64b92b6b12704bc2430ec39b5322a31bcd2336c358d5875675 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in muddy-amber-lark (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ef1b3a0a2afae0202e44a9ad0b170c2b8acd119a8bedc9a4707126beca05b8f7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Virtuozzo Hybrid Infrastructure 6.3 Hotfix 1 (6.3.0-177)
This update provides stability and performance improvements. Vulnerability id: VSTOR-91833 A performance improvement. Vulnerability id: VSTOR-94382 Increased the number of Grafana dashboards that can be added to the Dashboard Directory. Vulnerability id: VSTOR-94508 In the admin panel, LUNs are n...
Malicious code in active-replicas (RubyGems)
--- -= Per source details. Do not edit below this line.=-...
MAL-2024-6436 Malicious code in active-replicas (RubyGems)
--- -= Per source details. Do not edit below this line.=-...
Online Retail Hack
Selling miniature replicas to unsuspecting shoppers: Online marketplaces sell tiny pink cowboy hats. They also sell miniature pencil sharpeners, palm-size kitchen utensils, scaled-down books and camping chairs so small they evoke the Stonehenge scene in "This Is Spinal Tap." Many of the minuscule...
Cloud storage security: What’s new in the threat matrix
Today, we announce the release of a second version of the threat matrix for storage services, a structured tool that assists in identifying and analyzing potential security threats on data stored in cloud storage services. The matrix, first released in April 2021 as detailed in the blog post Thre...
Cloud storage security: What’s new in the threat matrix
Today, we announce the release of a second version of the threat matrix for storage services, a structured tool that assists in identifying and analyzing potential security threats on data stored in cloud storage services. The matrix, first released in April 2021 as detailed in the blog post Thre...