Redis is a memory based high-speed key value pair database widely used in the world. On July 21, 2021, Redis officially announced that CVE-2021-32761 32-bit Redis remote code execution vulnerability was disclosed. In 32-bit Redis, an attacker can use the * BIT * command and the proto max bulk len configuration parameter in the case of unauthorized access to Redis, which may cause a shaping overflow and eventually lead to remote code execution. At present, there is no relevant script outflow, and the vulnerability only affects 32-bit Redis. Wuhan Cloud Summit Emergency Response Center reminds Redis users to take security measures to prevent vulnerability attacks as soon as possible.

Recently, Wuhan Cloud Summit Emergency Response Center monitored that fastjson's official git disclosed that fastjson has the latest deserialization remote code execution vulnerability gadgets. Using the latest gadgets, attackers can remotely execute arbitrary commands on the server, or cause SSRF vulnerabilities, with a high risk. The official has released the latest version 1.2.67 to fix this vulnerability. Users who use fastjson should upgrade to the secure version as soon as possible.

Vulnerability description: Riddle is a security vulnerability found in Oracle MySQL 5.5 and 5.6 client databases. An attacker is allowed to use Riddle vulnerability in the man in the middle position to break the SSL configuration connection between MySQL client and server. When MySQL 5.5 and 5.6 send data, including user name and password, to the server, an attacker can capture them. The security update for 5.5.49 and 5.6.30 did not completely fix the vulnerability. After version 5.7 and the MariaDB system are not affected by vulnerabilities. Affected version: MySQL 5.5 and 5.6 Vulnerability level: medium risk repair suggestion: Upgrade MySQL to 5.7. Learn more about http

Security bulletin No.: CNTA-2017-0027 On April 11, Microsoft released its monthly routine security bulletin in April 2017, fixing 174 security vulnerabilities in many of its products. The affected products include Windows 10 (68), Windows 10/Server 2016 (24), Windows 8.1/Server 2012 R2 (24), Windows Server 2012 (18), Windows 7/Server 2008 R2 (15), Windows Vista/Server 2008 (11), the Internet

Vulnerability description: The udp. c file in the Linux kernel before 4.5 has a security vulnerability, The udp. c in the Linux kernel allows remote attackers to execute arbitrary code through UDP traffic, which will trigger the insecure second checksum calculation when executing the recv system call with the MSG_PEEK flag. Remote attackers can carefully construct data to execute arbitrary code, further leading to local empowerment. It is recommended that some major Linux distributions, such as Ubuntu and Debian, have deployed the repaired build version as early as February this year; Red Ha…