53 matches found
FreeFloat FTP Server 安全漏洞
FreeFloat FTP Server is an FTP service from FreeFloat. A buffer overflow vulnerability exists in FreeFloat FTP Server, which stems from the component SET Command Handler failing to properly validate the length size of input data, no details of the vulnerability are provided at this time...
CVE-2021-26276
scripts/cli.js in the GoDaddy node-config-shield aka Config Shield package before 0.2.2 for Node.js calls eval when processing a set command. NOTE: the vendor reportedly states that this is not a vulnerability. The set command was not intended for use with untrusted data...
BIT-KEYDB-2021-31294
Redis before 6cbea7d allows a replica to cause an assertion failure in a primary server by sending a non-administrative command specifically, a SET command. NOTE: this was fixed for Redis 6.2.x and 7.x in 2021. Versions before 6.2 were not intended to have safety guarantees related to this...
CVE-2024-27011
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: fix memleak in map from abort path The delete set command does not rely on the transaction object for element removal, therefore, a combination of delete element + delete set from the abort path could result ...
BIT-REDIS-2021-31294
Redis before 6cbea7d allows a replica to cause an assertion failure in a primary server by sending a non-administrative command specifically, a SET command. NOTE: this was fixed for Redis 6.2.x and 7.x in 2021. Versions before 6.2 were not intended to have safety guarantees related to this...
Guanzhou Tozed Kangwei Intelligent Technology ZLTS10G 跨站请求伪造漏洞
The Guanzhou Tozed Kangwei Intelligent Technology ZLTS10G is a mobile network wireless router from Guangzhou Tozed Kangwei Intelligent Technology. A security vulnerability exists in the Guanzhou Tozed Kangwei Intelligent Technology ZLTS10G S10G3.11.6, which allows an attacker to take over a user'...
SUSE CVE-2021-31294
Redis before 6cbea7d allows a replica to cause an assertion failure in a primary server by sending a non-administrative command specifically, a SET command. NOTE: this was fixed for Redis 6.2.x and 7.x in 2021. Versions before 6.2 were not intended to have safety guarantees related to this...
CVE-2021-31294
Redis before 6cbea7d allows a replica to cause an assertion failure in a primary server by sending a non-administrative command specifically, a SET command. NOTE: this was fixed for Redis 6.2.x and 7.x in 2021. Versions before 6.2 were not intended to have safety guarantees related to this...
PYSEC-2023-312
Redis before 6cbea7d allows a replica to cause an assertion failure in a primary server by sending a non-administrative command specifically, a SET command. NOTE: this was fixed for Redis 6.2.x and 7.x in 2021. Versions before 6.2 were not intended to have safety guarantees related to this...
DEBIAN-CVE-2021-31294
Redis before 6cbea7d allows a replica to cause an assertion failure in a primary server by sending a non-administrative command specifically, a SET command. NOTE: this was fixed for Redis 6.2.x and 7.x in 2021. Versions before 6.2 were not intended to have safety guarantees related to this...
PT-2023-12146 · Redis +2 · Redis +2
Name of the Vulnerable Software and Affected Versions: Redis versions prior to 6.2 Redis versions prior to 6cbea7d Description: The issue allows a replica to cause an assertion failure in a primary server by sending a non-administrative command, specifically a SET command. This was fixed for Redi...
CVE-2021-31294
Redis before 6cbea7d allows a replica to cause an assertion failure in a primary server by sending a non-administrative command specifically, a SET command. NOTE: this was fixed for Redis 6.2.x and 7.x in 2021. Versions before 6.2 were not intended to have safety guarantees related to this...
CVE-2021-31294
CVE-2021-31294 : Redis before 6cbea7d allows a replica to trigger an assertion failure on a primary server by sending a non-administrative command (specifically, SET). The issue is resolved in Redis 6.2.x and 7.x (2021). Affected line: Redis pre-6.2 safety guarantees did not apply. Practical impa...
The vulnerability of the set_cmnd_path() function in the Sudo system administration program, which allows a hacker to cause a service failure.
The vulnerability of the setcmndpath function in the Sudo system administration program is related to the repeated release of memory. Exploiting this vulnerability could allow an attacker to cause a service failure...
Microsoft CMD.EXE Integer Overflow
Hi @ll, the subject says it all: a 25 year old TRIVIAL signed integer arithmetic bug which may well have earned a PhD now crashes Windows' command interpreter CMD.exe via its builtin SET command. See their documentation: Classification CWE-190: Integer Overflow or Wraparound CWE-248: Uncaught...
CVE-2021-32761
Redis is an in-memory database that persists on disk. A vulnerability involving out-of-bounds read and integer overflow to buffer overflow exists starting with version 2.2 and prior to versions 5.0.13, 6.0.15, and 6.2.5. On 32-bit systems, Redis BIT command are vulnerable to integer overflow that...
Improper Control of Dynamically-Managed Code Resources in config-shield
scripts/cli.js in the GoDaddy node-config-shield aka Config Shield package before 0.2.2 for Node.js calls eval when processing a set command. NOTE: the vendor reportedly states that this is not a vulnerability. The set command was not intended for use with untrusted data...
CVE-2021-26276
scripts/cli.js in the GoDaddy node-config-shield aka Config Shield package before 0.2.2 for Node.js calls eval when processing a set command. NOTE: the vendor reportedly states that this is not a vulnerability. The set command was not intended for use with untrusted data...
CVE-2021-26276
scripts/cli.js in the GoDaddy node-config-shield aka Config Shield package before 0.2.2 for Node.js calls eval when processing a set command. NOTE: the vendor reportedly states that this is not a vulnerability. The set command was not intended for use with untrusted data...
CVE-2021-26276
scripts/cli.js in the GoDaddy node-config-shield aka Config Shield package before 0.2.2 for Node.js calls eval when processing a set command. NOTE: the vendor reportedly states that this is not a vulnerability. The set command was not intended for use with untrusted data...