
Kaeso

Researcher from Rocket Internet SE
#15607 of 53,630
17.3 Total CVSS
Vulnerabilities · 2
High: 1
Critical: 1
PT-2017-5890
7.5
2017-04-03
Mrlg4Php · Mrlg4Php · CVE-2014-3927
Name of the Vulnerable Software and Affected Versions: mrlg4php versions prior to 1.0.8
Description: The issue allows remote attackers to execute arbitrary shell code.
Recommendations: For versions prior to 1.0.8, update to version 1.0.8 or later to resolve the issue.
PT-2016-3851
9.8
2015-12-03
Redis · Redis · CVE-2015-8080
**Name of the Vulnerable Software and Affected Versions**
Redis versions 2.8.x through 2.8.23
Redis versions 3.0.x through 3.0.5

**Description**
The issue is related to an integer overflow in the getnum function in lua_struct.c. This allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service, including memory corruption and application crash, or possibly bypass intended sandbox restrictions. The attack is triggered by a large number, which causes a stack-based buffer overflow.

**Recommendations**
For Redis versions 2.8.x through 2.8.23, update to version 2.8.24 or later.
For Redis versions 3.0.x through 3.0.5, update to version 3.0.6 or later.