Lucene search

4121 matches found

RedHat Linux
added 2024/12/05 9:45 p.m. · 1 views

redis: Denial-of-service due to unbounded pattern matching in Redis

A flaw was found in Redis. This flaw allows authenticated users to trigger a denial of service by using specially crafted, long string match patterns on supported commands such as KEYS, SCAN, PSUBSCRIBE, FUNCTION LIST, COMMAND LIST, and ACL definitions. Matching of extremely long patterns may...

CVSS 6.5 · AI score 7.4 · EPSS 0.01591
Exploits 0 · References 6

Veeam
added 2024/12/03 12:0 a.m. · 80 views

How to Add Exclusions to Veeam Threat Hunter Scan

Purpose This article documents how to exclude files from the Veeam Threat Hunter scan. Solution To exclude specific files or folders from Veeam Threat Hunter scans, add a registry entry on your Veeam Backup Server: Registry Path: HKLM\SOFTWARE\Veeam\Veeam Threat Hunter\ Value Name:...

AI score 6.8
Exploits 0 · Affected Software 1

OSV
added 2024/12/02 2:15 p.m. · 2 views

DEBIAN-CVE-2024-53107

In the Linux kernel, the following vulnerability has been resolved: fs/proc/task_mmu: prevent integer overflow in pagemap_scan_get_args() The "arg->vec_len" variable is a u64 that comes from the user at the start of the function. The "arg->vec_len * sizeof(struct page_region)" multiplication can lead to integer...

CVSS 5.5 · AI score 5.8 · EPSS 0.00011
Exploits 0 · References 1

Vulnrichment
added 2024/12/02 1:44 p.m. · 1 views

CVE-2024-53107 fs/proc/task_mmu: prevent integer overflow in pagemap_scan_get_args()

In the Linux kernel, the following vulnerability has been resolved: fs/proc/task_mmu: prevent integer overflow in pagemap_scan_get_args() The "arg->vec_len" variable is a u64 that comes from the user at the start of the function. The "arg->vec_len * sizeof(struct page_region)" multiplication can lead to integer...

AI score 7.7 · EPSS 0.00011
Exploits 0 · References 2

CNNVD
added 2024/12/02 12:0 a.m. · 2 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an integer overflow in the pagemap_scan_get_args function in the fs/proc/task_mmu component...

CVSS 5.5 · AI score 6.8 · EPSS 0.00011
Exploits 0 · References 3

OSV
added 2024/11/29 11:58 a.m. · 3 views

OESA-2024-2496 perl-Module-ScanDeps security update

This module scans potential modules used by perl programs, and returns a hash reference; its keys are the module names as appears in %INC e.g. Test/More.pm; the values are hash references. Security Fixes: Qualys discovered that if unsanitized input was used with the library Modules::ScanDeps,...

CVSS 7.8 · AI score 7.4 · EPSS 0.00632
Exploits 3 · References 2

OSV
added 2024/11/27 12:13 a.m. · 5 views

MAL-2024-11001 Malicious code in scan-cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d7ef4d9984cb1556d85ee7a49552a644920b953dfe2a86a1b22d190cdfce82a2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7
Exploits 0 · References 3

OSSF Malicious Packages
added 2024/11/27 12:13 a.m. · 2 views

Malicious code in scan-cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d7ef4d9984cb1556d85ee7a49552a644920b953dfe2a86a1b22d190cdfce82a2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits 0 · References 3

Github Security Blog
added 2024/11/26 3:39 p.m. · 22 views

@lobehub/chat Server Side Request Forgery vulnerability

Summary lobe-chat before 1.19.13 has an unauthorized SSRF vulnerability. An attacker can construct malicious requests to cause SSRF without logging in, attack intranet services, and leak sensitive information. Details visit https://chat-preview.lobehub.com/ click settings - llm - openai fill the...

CVSS 8.6 · AI score 6.3 · EPSS 0.03038
Exploits 1 · References 4 · Affected Software 1

OSV
added 2024/11/26 11:22 a.m. · 3 views

CVE-2024-50371

A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G <= 1.6.3, EKI-6333AC-2GD <= v1.6.3 and EKI-6333AC-1GPO <= v1.2.1. The vulnerability can be exploited by remote...

CVSS 9.8 · AI score 5.9 · EPSS 0.01346
Exploits 0 · References 1

Cvelist
added 2024/11/26 5:33 a.m. · 21 views

CVE-2024-10570 Security & Malware scan by CleanTalk <= 2.145 - Authorization Bypass via Reverse DNS Spoofing to Unauthenticated SQL Injection

The Security & Malware scan by CleanTalk plugin for WordPress is vulnerable to unauthorized SQL Injection due to an authorization bypass via reverse DNS spoofing on the checkWithoutToken function in all versions up to, and including, 2.145, as well as insufficient input sanitization and validatio...

CVSS 7.5 · EPSS 0.00135
Exploits 0 · References 2

Positive Technologies
added 2024/11/26 12:0 a.m. · 3 views

PT-2024-9473 · Advantech · Advantech Eki-6333Ac-2G +1

Name of the Vulnerable Software and Affected Versions: Advantech EKI-6333AC-2G versions 1.6.3 and earlier Advantech EKI-6333AC-2GD versions 1.6.3 and earlier Advantech EKI-6333AC-1GPO versions 1.2.1 and earlier Description: A security issue was discovered in the "scan ap" API of Advantech's...

CVSS 9 · AI score 7.8 · EPSS 0.00205
Exploits 0 · References 8

BDU FSTEC
added 2024/11/26 12:0 a.m. · 1 views

The vulnerability of the Trend Micro Antivirus One antivirus protection tool for MacOS systems lies in insufficient validation of input data, allowing attackers to bypass the virus scanning process.

The vulnerability of the Trend Micro Antivirus One antivirus protection software for MacOS systems is related to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to bypass the virus scanning process...

CVSS 8.4 · AI score 5.5 · EPSS 0.00009
Exploits 0 · References 3 · Affected Software 1

Patchstack
added 2024/11/25 12:0 a.m. · 8 views

WordPress Security & Malware scan by CleanTalk Plugin <= 2.145 is vulnerable to SQL Injection

Software Security & Malware scan by CleanTalk Type Plugin Vulnerable versions <= 2.145 Fixed in 2.145.1 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-10570 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID ceade72368ed Credits mikemyers Required...

CVSS 7.5 · AI score 6.8 · EPSS 0.00135
Exploits 0 · References 3 · Affected Software 1

BDU FSTEC
added 2024/11/25 12:0 a.m. · 3 views

The vulnerability of the microprogrammed software of the D-Link DSL6740C modem, related to the display of the WiFi password, allows an intruder to execute a brute-force attack.

The vulnerability of D-Link DSL6740C modem’s microprogramming software lies in the fact that the default Wi-Fi password is displayed during network scanning. Exploiting this vulnerability allows a remote attacker to execute a brute-force attack...

CVSS 6.5 · AI score 5.7 · EPSS 0.00407
Exploits 1 · References 3 · Affected Software 1

GithubExploit
added 2024/11/23 8:0 p.m. · 386 views

Exploit for OS Command Injection in Yogeshojha Rengine

reNgine 2.2.0 - Command Injection - CVE-2023-50094 Descri...

CVSS 8.8 · AI score 8.6 · EPSS 0.88564
Exploits 2

OSV
added 2024/11/22 8:15 p.m. · 3 views

CVE-2024-30377

G DATA Total Security Scan Server Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of G DATA Total Security. An attacker must first obtain the ability to execute low-privileged code on the target...

CVSS 7.8 · AI score 6.2
Exploits 0 · References 1

NVD
added 2024/11/22 8:15 p.m. · 7 views

CVE-2024-30377

G DATA Total Security Scan Server Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of G DATA Total Security. An attacker must first obtain the ability to execute low-privileged code on the target...

CVSS 7.8 · EPSS 0.00099
Exploits 0 · References 1

CVE
added 2024/11/22 8:5 p.m. · 51 views

CVE-2024-30377

CVE-2024-30377 affects G DATA Total Security. The vulnerability lies in the G DATA AntiVirus Scan Server: by abusing symbolic links, a local attacker can delete arbitrary files and escalate privileges to SYSTEM, potentially executing arbitrary code. Public documents cite ZDI as the advisory sourc...

CVSS 7.8 · AI score 7.8 · EPSS 0.00099
Exploits 0 · References 1 · Affected Software 1

Vulnrichment
added 2024/11/22 8:5 p.m. · 12 views

CVE-2024-30377 G DATA Total Security Scan Server Link Following Local Privilege Escalation Vulnerability

G DATA Total Security Scan Server Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of G DATA Total Security. An attacker must first obtain the ability to execute low-privileged code on the target...

CVSS 7.8 · AI score 7.2 · EPSS 0.00099
Exploits 0 · References 1