Tag
#redis
Backdoor.Win32.BlackAngel.13 malware suffers from a code execution vulnerability.
Backdoor.Win32.Delf.yj malware suffers from an information leakage vulnerability.
### Summary Unauthenticated user can access credentials of last authenticated user via OpenID or OAuth2 where the authentication URL did not include `redirect` query string. For example: - Project is configured with OpenID or OAuth2 - Project is configured with cache enabled - User tries to login via SSO link, but without `redirect` query string - After successful login, credentials are cached - If an unauthenticated user tries to login via SSO link, it will return the credentials of the other last user The SSO link is something like `https://directus.example.com/auth/login/openid/callback`, where `openid` is the name of the OpenID provider configured in Directus ### Details This happens because on that endpoint for both OpenId and Oauth2 Directus is using the `respond` middleware, which by default will try to cache GET requests that met some conditions. Although, those conditions do not include this scenario, when an unauthenticated request returns user credentials. For OpenID, thi...
Backdoor.Win32.Symmi.qua malware suffers from a buffer overflow vulnerability.
HackTool.Win32.Freezer.br (WinSpy) malware suffers from an insecure credential storage vulnerability.
Backdoor.Win32.Optix.02.b malware suffers from a hardcoded credential vulnerability.
Backdoor.Win32.JustJoke.21 (BackDoor Pro - v2.0b4) malware suffers from a code execution vulnerability.
Backdoor.Win32.PoisonIvy.ymw malware suffers from an insecure credential storage vulnerability.
Backdoor.Win32.Nightmare.25 malware suffers from a code execution vulnerability.
Gentoo Linux Security Advisory 202408-5 - Multiple vulnerabilities have been discovered in Redis, the worst of which may lead to a denial of service or possible remote code execution. Versions greater than or equal to 7.2.4 are affected.