#redis

TrojanSpy.Win64.EMOTET.A malware suffers from a code execution vulnerability.

Backdoor.Win32.AsyncRat malware suffers from a code execution vulnerability.

Panel.SmokeLoader malware suffers from cross site request forgery, and cross site scripting vulnerabilities.

Panel.SmokeLoader malware suffers from a cross site scripting vulnerability.

Panel Amadey.d.c malware suffers from cross site scripting vulnerabilities.

By Uzair Amir Remember Minesweeper? It's not just a game - it's a hidden training ground for work skills! Sharpen your decision-making, focus, and strategic thinking with every click. This is a post from HackRead.com Read the original post: A Mind at Play: Rediscovering Minesweeper in the Professional Arena

### Impact Any instance of Apollo Router 1.44.0 or 1.45.0 that is using Distributed Query Plan Caching is impacted. These versions were released on 2024-04-12 and 2024-04-22 respectively. The affected versions of Apollo Router contain a bug that could lead to unexpected operations being executed, which can result in unintended data or effects. This only affects Router instances configured to use distributed query plan caching. Router versions other than the ones listed above, and all Router deployments that are not using distributed query plan caching, are unaffected by this defect. If you are using the affected versions, you can check your router’s configuration YAML to verify if you are impacted: ```yaml supergraph: query_planning: cache: # Look for this config below redis: urls: ["redis://..."] ``` A full reference on the[ Distributed Query Plan Caching feature is available here.](https://www.apollographql.com/docs/router/configuration/distributed-cachi...

### Summary Attackers with commit access to the default branch of a repo using Renovate could manipulate helmv3 registryAliases to execute arbitrary commands. ### Details Since [#26848](https://github.com/renovatebot/renovate/pull/26848), `registryAliases` has become mergeable. This means that the helmv3 manager started honoring its value and uses a `helm repo add <key> <parameters>` command for each defined alias. See source code: https://github.com/renovatebot/renovate/blob/23f3df6216375cb5bcfe027b0faee304f877f891/lib/modules/manager/helmv3/artifacts.ts#L80 The key was not quoted, leading to the ability to use variable references (`$FOO`) in it and have them printed by Renovate on the pull request, or even running any shell commands. ### PoC Inside a repository where Renovate runs, add a Helm chart with an outdated dependency, for example: test-chart/Chart.yaml: ``` apiVersion: v2 name: redis version: 1.0.0 dependencies: - name: redis version: 18.13.10 repository: oc...

Backdoor.Win32.Dumador.c malware suffers from a buffer overflow vulnerability.

Attackers have compromised an 8-year-old version of the cloud platform to distribute various malware that can take over infected systems.