Security
Headlines
HeadlinesLatestCVEs

Tag

#redis

CVE-2022-0074: ols-dockerfiles/Dockerfile at master · litespeedtech/ols-dockerfiles

Untrusted Search Path vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server Container allows Privilege Escalation. This affects versions from 1.6.15 before 1.7.16.1.

CVE
Open in Source
#sql#vulnerability#web#ubuntu#redis#memcached#js#git#php#docker
CVE-2022-0072: openlitespeed/httpserver.cpp at v1.7.16 · litespeedtech/openlitespeed

Directory Traversal vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server Dashboard allows Path Traversal. This affects versions from 1.5.11 through 1.5.12, from 1.6.5 through 1.6.20.1, from 1.7.0 before 1.7.16.1

New Cryptojacking Campaign Targeting Vulnerable Docker and Kubernetes Instances

A new cryptojacking campaign has been uncovered targeting vulnerable Docker and Kubernetes infrastructures as part of opportunistic attacks designed to illicitly mine cryptocurrency. Cybersecurity company CrowdStrike dubbed the activity Kiss-a-dog, with its command-and-control infrastructure overlapping with those associated with other groups like TeamTNT, which are known to strike misconfigured

CVE-2022-39357: Release v1.2.1 · wintercms/winter

Winter is a free, open-source content management system based on the Laravel PHP framework. The Snowboard framework in versions 1.1.8, 1.1.9, and 1.2.0 is vulnerable to prototype pollution in the main Snowboard class as well as its plugin loader. The 1.0 branch of Winter is not affected, as it does not contain the Snowboard framework. This issue has been patched in v1.1.10 and v1.2.1. As a workaround, one may avoid this issue by following some common security practices for JavaScript, including implementing a content security policy and auditing scripts.

New Cryptojacking Campaign Kiss-a-dog Targeting Docker and Kubernetes

By Deeba Ahmed The Austin, Texas-based American cybersecurity technology CrowdStrike has discovered a brand-new cryptojacking campaign in which attackers are targeting… This is a post from HackRead.com Read the original post: New Cryptojacking Campaign Kiss-a-dog Targeting Docker and Kubernetes

CVE-2022-35739: PRTG Network Monitor - Version History

PRTG Network Monitor through 22.2.77.2204 does not prevent custom input for a device’s icon, which can be modified to insert arbitrary content into the style tag for that device. When the device page loads, the arbitrary Cascading Style Sheets (CSS) data is inserted into the style tag, loading malicious content. Due to PRTG Network Monitor preventing “characters, and from modern browsers disabling JavaScript support in style tags, this vulnerability could not be escalated into a Cross-Site Scripting vulnerability.

Backdoor.Win32.Psychward.10 MVID-2022-0651 Remote Command Execution

Backdoor.Win32.Psychward.10 malware suffers from an unauthenticated remote command execution vulnerability.

Email-Worm.Win32.Kipis.c MVID-2022-0652 File Write / Code Execution

Email-Worm.Win32.Kipis.c malware suffers from a remote file write vulnerability that allows for remote code execution.

Backdoor.Win32.Delf.arh MVID-2022-0650 Authentication Bypass

Backdoor.Win32.Delf.arh malware suffers from an authentication bypass vulnerability.

CVE-2022-3647: Avoid crash on crash report when a bad function pointer was called (#… · redis/redis@0bf90d9

A vulnerability, which was classified as problematic, was found in Redis. Affected is the function sigsegvHandler of the file debug.c of the component Crash Report. The manipulation leads to denial of service. The name of the patch is 0bf90d944313919eb8e63d3588bf63a367f020a3. It is recommended to apply a patch to fix this issue. VDB-211962 is the identifier assigned to this vulnerability.