Lucene search
K

136 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-45576

Malicious code in bioql PyPI...

3.3CVSS4.5AI score0.0034EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2025/10/03 7:27 p.m.8 views

CVE-2025-49844

Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to manipulate the garbage collector, trigger a use-after-free and potentially lead to remote code execution. The problem exists in all...

9.9CVSS7.9AI score0.86767EPSS
Exploits14
Debian CVE
Debian CVE
added 2025/10/03 7:12 p.m.3 views

CVE-2025-46819

Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted LUA script to read out-of-bound data or crash the server and subsequent denial of service. The problem exists in all versions of Redis with Lua...

7.1CVSS6.7AI score0.01023EPSS
Exploits0
Debian CVE
Debian CVE
added 2025/10/03 5:52 p.m.4 views

CVE-2025-46817

Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to cause an integer overflow and potentially lead to remote code execution The problem exists in all versions of Redis with Lua scripting...

8.8CVSS7.5AI score0.03692EPSS
Exploits1
CNNVD
CNNVD
added 2025/03/11 12:0 a.m.3 views

SAP S/4HANA 安全漏洞

SAP S/4HANA is an enterprise resource management software based on the SAP HANA in-memory database system from SAP, Germany. A security vulnerability exists in SAP S/4HANA that stems from a lack of authorization checking, which could be exploited by an attacker to gain unauthorized access to...

4.3CVSS6.7AI score0.00225EPSS
Exploits0References5
OSV
OSV
added 2024/10/09 4:30 p.m.20 views

BIT-KEYDB-2024-31449 Lua library commands may lead to stack overflow and RCE in Redis

Redis is an open source, in-memory database that persists on disk. An authenticated user may use a specially crafted Lua script to trigger a stack buffer overflow in the bit library, which may potentially lead to remote code execution. The problem exists in all versions of Redis with Lua scriptin...

8.8CVSS7.3AI score0.04488EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2024/10/07 11:25 p.m.20 views

CVE-2024-31449

A flaw was found in Redis. This flaw allows an authenticated user to use a specially crafted Lua script to trigger a stack buffer overflow in the bit library, which may lead to remote code execution. The problem exists in all versions of Redis with Lua scripting. Mitigation Mitigation for this...

7CVSS7AI score0.04488EPSS
Exploits1References5
OSV
OSV
added 2024/08/22 7:44 p.m.28 views

BIT-VALKEY-2022-24735 Lua scripts can be manipulated to overcome ACL rules in Redis

Redis is an in-memory database that persists on disk. By exploiting weaknesses in the Lua script execution environment, an attacker with access to Redis prior to version 7.0.0 or 6.2.7 can inject Lua code that will execute with the potentially higher privileges of another Redis user. The Lua scri...

7.8CVSS6.5AI score0.02189EPSS
Exploits1References11
OSV
OSV
added 2024/08/22 7:44 p.m.12 views

BIT-VALKEY-2022-24736 A Malformed Lua script can crash Redis

Redis is an in-memory database that persists on disk. Prior to versions 6.2.7 and 7.0.0, an attacker attempting to load a specially crafted Lua script can cause NULL pointer dereference which will result with a crash of the redis-server process. The problem is fixed in Redis versions 7.0.0 and...

5.5CVSS5.5AI score0.01498EPSS
Exploits1References11
OSV
OSV
added 2024/08/22 7:44 p.m.25 views

BIT-VALKEY-2022-24834 Heap overflow issue with the Lua cjson library used by Redis

Redis is an in-memory database that persists on disk. A specially crafted Lua script executing in Redis can trigger a heap overflow in the cjson library, and result with heap corruption and potentially remote code execution. The problem exists in all versions of Redis with Lua scripting support,...

8.8CVSS8.1AI score0.4292EPSS
Exploits1References5
OSV
OSV
added 2024/08/22 7:42 p.m.22 views

BIT-VALKEY-2023-28425 Specially crafted MSETNX command can lead to denial-of-service

Redis is an in-memory database that persists on disk. Starting in version 7.0.8 and prior to version 7.0.10, authenticated users can use the MSETNX command to trigger a runtime assertion and termination of the Redis server process. The problem is fixed in Redis version 7.0.10...

5.5CVSS5.5AI score0.54978EPSS
Exploits0References5
OSV
OSV
added 2024/08/22 7:41 p.m.19 views

BIT-VALKEY-2023-28856 `HINCRBYFLOAT` can be used to crash a redis-server process

Redis is an open source, in-memory database that persists on disk. Authenticated users can use the HINCRBYFLOAT command to create an invalid hash field that will crash Redis on access in affected versions. This issue has been addressed in in versions 7.0.11, 6.2.12, and 6.0.19. Users are advised ...

6.5CVSS6.2AI score0.00963EPSS
Exploits0References9
OSV
OSV
added 2024/08/22 7:41 p.m.18 views

BIT-VALKEY-2023-36824 Heap overflow in COMMAND GETKEYS and ACL evaluation in Redis

Redis is an in-memory database that persists on disk. In Redit 7.0 prior to 7.0.12, extracting key names from a command and a list of arguments may, in some cases, trigger a heap overflow and result in reading random heap memory, heap corruption and potentially remote code execution. Several...

8.8CVSS8.5AI score0.74822EPSS
Exploits0References6
OSV
OSV
added 2024/08/22 7:40 p.m.24 views

BIT-VALKEY-2023-41056 Redis vulnerable to integer overflow in certain payloads

Redis is an in-memory database that persists on disk. Redis incorrectly handles resizing of memory buffers which can result in integer overflow that leads to heap overflow and potential remote code execution. This issue has been patched in version 7.0.15 and 7.2.4...

8.1CVSS8.3AI score0.02582EPSS
Exploits0References7
OSV
OSV
added 2024/08/22 7:40 p.m.20 views

BIT-VALKEY-2023-45145 Redis Unix-domain socket may have be exposed with the wrong permissions for a short time window.

Redis is an in-memory database that persists on disk. On startup, Redis begins listening on a Unix socket before adjusting its permissions to the user-provided configuration. If a permissive umask2 is used, this creates a race condition that enables, during a short period of time, another process...

3.6CVSS5.5AI score0.00444EPSS
Exploits0References8
OSV
OSV
added 2024/08/22 7:27 p.m.24 views

BIT-KEYDB-2022-24735 Lua scripts can be manipulated to overcome ACL rules in Redis

Redis is an in-memory database that persists on disk. By exploiting weaknesses in the Lua script execution environment, an attacker with access to Redis prior to version 7.0.0 or 6.2.7 can inject Lua code that will execute with the potentially higher privileges of another Redis user. The Lua scri...

7.8CVSS6.5AI score0.02189EPSS
Exploits1References11
OSV
OSV
added 2024/03/06 11:8 a.m.32 views

BIT-REDIS-2021-32672 Vulnerability in Lua Debugger in Redis

Redis is an open source, in-memory database that persists on disk. When using the Redis Lua Debugger, users can send malformed requests that cause the debugger’s protocol parser to read data beyond the actual buffer. This issue affects all versions of Redis with Lua debugging support 3.2 or newer...

5.3CVSS6AI score0.01702EPSS
Exploits0References10
OSV
OSV
added 2024/03/06 11:6 a.m.41 views

BIT-REDIS-2022-24834 Heap overflow issue with the Lua cjson library used by Redis

Redis is an in-memory database that persists on disk. A specially crafted Lua script executing in Redis can trigger a heap overflow in the cjson library, and result with heap corruption and potentially remote code execution. The problem exists in all versions of Redis with Lua scripting support,...

8.8CVSS8.1AI score0.4292EPSS
Exploits1References5
OSV
OSV
added 2024/03/06 11:5 a.m.25 views

BIT-REDIS-2022-31144 Potential heap overflow in Redis

Redis is an in-memory database that persists on disk. A specially crafted XAUTOCLAIM command on a stream key in a specific state may result with heap overflow, and potentially remote code execution. This problem affects versions on the 7.x branch prior to 7.0.4. The patch is released in version...

8.8CVSS8AI score0.02383EPSS
Exploits0References5
OSV
OSV
added 2024/03/06 11:5 a.m.36 views

BIT-REDIS-2022-35951 Redis subject to Integer Overflow leading to Remote Code Execution via Heap Overflow

Redis is an in-memory database that persists on disk. Versions 7.0.0 and above, prior to 7.0.5 are vulnerable to an Integer Overflow. Executing an XAUTOCLAIM command on a stream key in a specific state, with a specially crafted COUNT argument may cause an integer overflow, a subsequent heap...

9.8CVSS8.4AI score0.02742EPSS
Exploits0References5
Rows per page
Query Builder