Security
Headlines
HeadlinesLatestCVEs

Tag

#redis

CVE-2022-39357: Release v1.2.1 · wintercms/winter

Winter is a free, open-source content management system based on the Laravel PHP framework. The Snowboard framework in versions 1.1.8, 1.1.9, and 1.2.0 is vulnerable to prototype pollution in the main Snowboard class as well as its plugin loader. The 1.0 branch of Winter is not affected, as it does not contain the Snowboard framework. This issue has been patched in v1.1.10 and v1.2.1. As a workaround, one may avoid this issue by following some common security practices for JavaScript, including implementing a content security policy and auditing scripts.

CVE
Open in Source
#sql#web#windows#linux#redis#js#git#java#php#perl#auth
New Cryptojacking Campaign Kiss-a-dog Targeting Docker and Kubernetes

By Deeba Ahmed The Austin, Texas-based American cybersecurity technology CrowdStrike has discovered a brand-new cryptojacking campaign in which attackers are targeting… This is a post from HackRead.com Read the original post: New Cryptojacking Campaign Kiss-a-dog Targeting Docker and Kubernetes

CVE-2022-35739: PRTG Network Monitor - Version History

PRTG Network Monitor through 22.2.77.2204 does not prevent custom input for a device’s icon, which can be modified to insert arbitrary content into the style tag for that device. When the device page loads, the arbitrary Cascading Style Sheets (CSS) data is inserted into the style tag, loading malicious content. Due to PRTG Network Monitor preventing “characters, and from modern browsers disabling JavaScript support in style tags, this vulnerability could not be escalated into a Cross-Site Scripting vulnerability.

Backdoor.Win32.Psychward.10 MVID-2022-0651 Remote Command Execution

Backdoor.Win32.Psychward.10 malware suffers from an unauthenticated remote command execution vulnerability.

Email-Worm.Win32.Kipis.c MVID-2022-0652 File Write / Code Execution

Email-Worm.Win32.Kipis.c malware suffers from a remote file write vulnerability that allows for remote code execution.

Backdoor.Win32.Delf.arh MVID-2022-0650 Authentication Bypass

Backdoor.Win32.Delf.arh malware suffers from an authentication bypass vulnerability.

CVE-2022-3647: Avoid crash on crash report when a bad function pointer was called (#… · redis/redis@0bf90d9

A vulnerability, which was classified as problematic, was found in Redis. Affected is the function sigsegvHandler of the file debug.c of the component Crash Report. The manipulation leads to denial of service. The name of the patch is 0bf90d944313919eb8e63d3588bf63a367f020a3. It is recommended to apply a patch to fix this issue. VDB-211962 is the identifier assigned to this vulnerability.

CVE-2022-39267: Authentication check flaw leads to authentication bypass

Bifrost is a heterogeneous middleware that synchronizes MySQL, MariaDB to Redis, MongoDB, ClickHouse, MySQL and other services for production environments. Versions prior to 1.8.8-release are subject to authentication bypass in the admin and monitor user groups by deleting the X-Requested-With: XMLHttpRequest field in the request header. This issue has been patched in 1.8.8-release. There are no known workarounds.

RRX IOB LP 1.0 DNS Cache Snooping

RRX IOB LP version 1.0 suffers from a DNS cache snooping vulnerability.

WiFi File Transfer 1.0.8 Cross Site Scripting

WiFi File Transfer version 1.0.8 suffers from a cross site scripting vulnerability.