136 matches found

Fedora
added 2022/07/04 1:35 a.m., 19 views

[SECURITY] Fedora 36 Update: golang-github-hashicorp-memdb-1.3.0-5.fc36

The Memdb package implements a simple in-memory database built on immutable radix trees. The database provides Atomicity, Consistency and Isolation from ACID. Being that it is in-memory, it does not provide durability. The database is instantiated with a schema that specifies the tables and indic...

9.3 CVSS | 7.9 AI score | 0.05994 EPSS
Exploits: 4

Vulnrichment
added 2022/05/26 2:0 p.m., 10 views

CVE-2022-20821 Cisco IOS XR Software Health Check Open Port Vulnerability

A vulnerability in the health check RPM of Cisco IOS XR Software could allow an unauthenticated, remote attacker to access the Redis instance that is running within the NOSi container. This vulnerability exists because the health check RPM opens TCP port 6379 by default upon activation. An attack...

6.5 CVSS | 7.4 AI score | 0.1176 EPSS
Exploits: 0 | References: 1

Cisco
added 2022/05/20 4:0 p.m., 38 views

Cisco IOS XR Software Health Check Open Port Vulnerability

A vulnerability in the health check RPM of Cisco IOS XR Software could allow an unauthenticated, remote attacker to access the Redis instance that is running within the NOSi container. This vulnerability exists because the health check RPM opens TCP port 6379 by default upon activation. An attack...

6.5 CVSS | 6.8 AI score | 0.1176 EPSS
Exploits: 0 | References: 1

ATTACKERKB
added 2022/05/20 12:0 a.m., 38 views

CVE-2022-20821

A vulnerability in the health check RPM of Cisco IOS XR Software could allow an unauthenticated, remote attacker to access the Redis instance that is running within the NOSi container. This vulnerability exists because the health check RPM opens TCP port 6379 by default upon activation. An attack...

6.5 CVSS | 2.1 AI score | 0.1176 EPSS
In wild | Exploits: 0 | References: 2

AlpineLinux
added 2022/04/27 7:55 p.m., 46 views

CVE-2022-24736

Redis is an in-memory database that persists on disk. Prior to versions 6.2.7 and 7.0.0, an attacker attempting to load a specially crafted Lua script can cause NULL pointer dereference which will result with a crash of the redis-server process. The problem is fixed in Redis versions 7.0.0 and...

5.5 CVSS | 5.7 AI score | 0.01498 EPSS
Exploits: 1

CVE
added 2022/04/27 7:55 p.m., 222 views

CVE-2022-24736

CVE-2022-24736 affects Redis up to versions 6.2.7 and 7.0.0. A crafted Lua script can trigger a NULL pointer dereference, crashing the redis-server process. The issue is fixed in Redis 7.0.0 and 6.2.7. A partial mitigation is to block SCRIPT LOAD and EVAL via ACL rules if Lua scripting isn’t used...

5.5 CVSS | 5.4 AI score | 0.01498 EPSS
Exploits: 1 | References: 10 | Affected Software: 1

Debian CVE
added 2022/04/27 7:55 p.m., 44 views

CVE-2022-24736

Redis is an in-memory database that persists on disk. Prior to versions 6.2.7 and 7.0.0, an attacker attempting to load a specially crafted Lua script can cause NULL pointer dereference which will result with a crash of the redis-server process. The problem is fixed in Redis versions 7.0.0 and...

5.5 CVSS | 6.5 AI score | 0.01498 EPSS
Exploits: 1

Packet Storm
added 2022/01/25 12:0 a.m., 318 views

H2 Database Console Remote Code Execution

Document Title =============== Unauthenticated RCE vuln in the H2 Database console: CVE-2022-23221. Product Description =============== The H2 Console Application The Console lets you access a SQL database using a browser interface. Homepage: http://www.h2database.com/html/quickstart.html Affecte...

0.1 AI score | 0.64766 EPSS
Exploits: 4

Tenable Nessus
added 2021/11/24 12:0 a.m., 49 views

openSUSE 15 Security Update : redis (openSUSE-SU-2021:3772-1)

The remote SUSE Linux SUSE15 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:3772-1 advisory. - Redis is an open source, in-memory database that persists on disk. In affected versions specially crafted Lua scripts executing in Redis...

9 CVSS | 7.2 AI score | 0.1578 EPSS
Exploits: 0 | References: 24

OSV
added 2021/10/04 6:15 p.m., 35 views

CVE-2021-32672

Redis is an open source, in-memory database that persists on disk. When using the Redis Lua Debugger, users can send malformed requests that cause the debugger’s protocol parser to read data beyond the actual buffer. This issue affects all versions of Redis with Lua debugging support 3.2 or newer...

4.3 CVSS | 3.2 AI score
Exploits: 0 | References: 9

OSV
added 2021/10/04 6:15 p.m., 45 views

CVE-2021-32626

Redis is an open source, in-memory database that persists on disk. In affected versions specially crafted Lua scripts executing in Redis can cause the heap-based Lua stack to be overflowed, due to incomplete checks for this condition. This can result with heap corruption and potentially remote co...

8.8 CVSS | 2.9 AI score
Exploits: 0 | References: 10

CVE
added 2021/10/04 5:50 p.m., 315 views

CVE-2021-32675

CVE-2021-32675 affects Redis and is triggered by parsing Redis Standard Protocol (RESP) requests. An attacker can craft requests to cause Redis to allocate large amounts of memory across multiple connections, potentially impacting availability. The issue is tied to the RESP parsing path and authe...

7.5 CVSS | 8.1 AI score | 0.1578 EPSS
Exploits: 0 | References: 10 | Affected Software: 1

CVE
added 2021/10/04 5:40 p.m., 300 views

CVE-2021-32672

Redis contains CVE-2021-32672, a vulnerability in the Redis Lua Debugger where the protocol parser can read data beyond the actual buffer when handling malformed requests. This affects Redis builds that include Lua debugging support (3.2+). The issue is mitigated by upgrading to patched releases:...

5.3 CVSS | 6 AI score | 0.01702 EPSS
Exploits: 0 | References: 9 | Affected Software: 1

Debian CVE
added 2021/07/21 8:50 p.m., 32 views

CVE-2021-32761

Redis is an in-memory database that persists on disk. A vulnerability involving out-of-bounds read and integer overflow to buffer overflow exists starting with version 2.2 and prior to versions 5.0.13, 6.0.15, and 6.2.5. On 32-bit systems, Redis BIT command are vulnerable to integer overflow that...

7.5 CVSS | 8.1 AI score | 0.31049 EPSS
Exploits: 0

RedHat Linux
added 2019/09/04 9:15 a.m., 4 views

redis: Heap buffer overflow in HyperLogLog triggered by malicious client

A heap buffer overflow vulnerability was found in the Redis HyperLogLog data structure. By carefully corrupting a HyperLogLog using the SETRANGE command, an attacker could trick Redis interpretation of dense HLL encoding into writing up to 3 bytes beyond the end of a heap-allocated buffer...

7.2 CVSS | 5.9 AI score | 0.26048 EPSS
Exploits: 0 | References: 7

RedhatCVE
added 2017/09/13 4:48 p.m., 20 views

CVE-2016-3104

mongod in MongoDB 2.6, when using 2.4-style users, and 2.4 allow remote attackers to cause a denial of service (memory consumption and process termination) by leveraging in-memory database representation when authenticating against a non-existent database...

7.5 CVSS | 5.2 AI score | 0.02489 EPSS
Exploits: 0 | References: 1

UbuntuCve
added 2017/04/14 6:59 p.m., 20 views

CVE-2016-3104

mongod in MongoDB 2.6, when using 2.4-style users, and 2.4 allow remote attackers to cause a denial of service (memory consumption and process termination) by leveraging in-memory database representation when authenticating against a non-existent database...

7.5 CVSS | 7.1 AI score | 0.02489 EPSS
Exploits: 0 | References: 2

OSV
added 2017/04/14 6:59 p.m., 13 views

CVE-2016-3104

mongod in MongoDB 2.6, when using 2.4-style users, and 2.4 allow remote attackers to cause a denial of service (memory consumption and process termination) by leveraging in-memory database representation when authenticating against a non-existent database...

7.5 CVSS | 6.8 AI score
Exploits: 0 | References: 3

Debian CVE
added 2017/04/14 6:0 p.m., 22 views

CVE-2016-3104

Removed by vendor...

7.5 CVSS | 7.6 AI score | 0.02489 EPSS
Exploits: 0

OSV
added 2016/07/30 12:0 a.m., 20 views

DLA-577-1 redis - security update

Bulletin has no description...

3.3 CVSS | 3.9 AI score | 0.00484 EPSS
Exploits: 0