Security
Headlines
HeadlinesLatestCVEs

Tag

#redis

Red Hat Security Advisory 2024-3369-03

Red Hat Security Advisory 2024-3369-03 - An update is now available for Red Hat OpenShift GitOps v1.10.6 to address the CVE-2024-31989, Unprivileged pod in a different namespace on the same cluster could connect to the Redis server on port 6379. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section.

Packet Storm
#vulnerability#red_hat#redis#js#git
Red Hat Security Advisory 2024-3368-03

Red Hat Security Advisory 2024-3368-03 - An update is now available for Red Hat OpenShift GitOps v1.12.3 to address the CVE-2024-31989, Unprivileged pod in a different namespace on the same cluster could connect to the Redis server on port 6379. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section.

Red Hat Security Advisory 2024-3325-03

Red Hat Security Advisory 2024-3325-03 - An update for pcp is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.

Red Hat Security Advisory 2024-3324-03

Red Hat Security Advisory 2024-3324-03 - An update for pcp is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.

Red Hat Security Advisory 2024-3323-03

Red Hat Security Advisory 2024-3323-03 - An update for pcp is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions.

Red Hat Security Advisory 2024-3322-03

Red Hat Security Advisory 2024-3322-03 - An update for pcp is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.

Red Hat Security Advisory 2024-3321-03

Red Hat Security Advisory 2024-3321-03 - An update for pcp is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.

GHSA-9766-5277-j5hr: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache

### Summary By default, the Redis database server is not password-protected. Consequently, an attacker with access to the Redis server can gain read/write access to the data in Redis. The attacker can also modify the "mfst" (manifest) key to cause ArgoCD to execute any deployment, potentially leveraging ArgoCD's high privileges to take over the cluster. Updating the "cacheEntryHash" in the manifest JSON is necessary, but since it doesn't use a private key for signing its integrity, a simple script can generate a new FNV64a hash matching the new manifest values. The repo-server, unable to verify if its cache is compromised, will read the altered "mfst" key and initiate an update process for the injected deployment. It's also possible to edit the "app|resources-tree" key, causing the ArgoCD server to load any Kubernetes resource into the live manifest section of the app preview. This could lead to an information leak. The fact that the cache in Redis is neither signed nor validated, co...

TrojanSpy.Win64.EMOTET.A MVID-2024-0684 Code Execution

TrojanSpy.Win64.EMOTET.A malware suffers from a code execution vulnerability.

Backdoor.Win32.AsyncRat MVID-2024-0683 Code Execution

Backdoor.Win32.AsyncRat malware suffers from a code execution vulnerability.