Tag
#redis
### Summary

Note: I'm reporting this in this way purely because it's private and I don't want to broadcast vulnerabilities.

> An unsafe reading of environment file could potentially cause a denial of service in Netty. When loaded on a Windows application, Netty attempts to load a file that does not exist. If an attacker creates such a large file, the Netty application crashes. This vulnerability is fixed in 4.1.115.

### Details

https://github.com/redis/lettuce/blob/main/pom.xml#L67C9-L67C53

The netty version pinned here is currently

```
<netty.version>4.1.113.Final</netty.version>
```

This version is vulnerable according to Snyk and is affecting one of our products:

Here is a [link](https://www.cve.org/CVERecord?id=CVE-2024-47535) to the CVE

### PoC

_Complete instructions, including specific configuration details, to reproduce the vulnerability._

Not applicable

### Impact

_What kind of vuln...
Red Hat Security Advisory 2024-9472-03 - An update for grafana-pcp is now available for Red Hat Enterprise Linux 9.
Red Hat Security Advisory 2024-8847-03 - An update for grafana-pcp is now available for Red Hat Enterprise Linux 8.
IBM Security Verify Access versions prior to 10.0.8 suffer from authentication bypass, reuse of private keys, local privilege escalation, weak settings, outdated libraries, missing password, hardcoded secrets, remote code execution, missing authentication, null pointer dereference, and lack of privilege separation vulnerabilities.
Red Hat Security Advisory 2024-8534-03 - An update is now available for Red Hat Ansible Automation Platform 2.5. Issues addressed include cross site scripting and memory exhaustion vulnerabilities.
IBM Security Verify Access versions 10.0.0 through 10.0.8 suffer from an OAUTH related open redirection vulnerability.
Discover DVa, a new tool that detects and removes malware exploiting accessibility features on Android devices. Learn how…
**What privileges could be gained by an attacker who successfully exploited the vulnerability?** An attacker who successfully exploited this vulnerability could create or delete files in the security context of the “NT AUTHORITY\LOCAL SERVICE” account.
New Linux malware ‘Perfctl’ is targeting millions worldwide, mimicking system files to evade detection. This sophisticated malware compromises…
Backdoor.Win32.Benju.a malware suffers from a remote command execution vulnerability. This is the 700th release of a malvuln finding.