
136 matches found

OSV
added 2024/03/06 11:5 a.m., 29 views

BIT-REDIS-2022-35977 Integer overflow in certain command arguments can drive Redis to OOM panic

Redis is an in-memory database that persists on disk. Authenticated users issuing specially crafted SETRANGE and SORT_RO commands can trigger an integer overflow, resulting in Redis attempting to allocate impossible amounts of memory and aborting with an out-of-memory (OOM) panic. The problem is fixe...

5.5 CVSS, 5.7 AI score, 0.33269 EPSS
Exploits 0, References 7

OSV
added 2024/03/06 11:4 a.m., 26 views

BIT-REDIS-2023-22458 Integer overflow in multiple Redis commands can lead to denial-of-service

Redis is an in-memory database that persists on disk. Authenticated users can issue a HRANDFIELD or ZRANDMEMBER command with specially crafted arguments to trigger a denial-of-service by crashing Redis with an assertion failure. This problem affects Redis versions 6.2 or newer up to but not...

5.5 CVSS, 5.7 AI score, 0.69355 EPSS
Exploits 0, References 5

OSV
added 2024/03/06 11:4 a.m., 30 views

BIT-REDIS-2023-25155 Integer Overflow in several Redis commands can lead to denial of service.

Redis is an in-memory database that persists on disk. Authenticated users issuing specially crafted SRANDMEMBER, ZRANDMEMBER, and HRANDFIELD commands can trigger an integer overflow, resulting in a runtime assertion and termination of the Redis server process. This problem affects all Redis...

6.5 CVSS, 6.2 AI score, 0.00902 EPSS
Exploits 0, References 6

OSV
added 2024/03/06 11:4 a.m., 24 views

BIT-REDIS-2023-28425 Specially crafted MSETNX command can lead to denial-of-service

Redis is an in-memory database that persists on disk. Starting in version 7.0.8 and prior to version 7.0.10, authenticated users can use the MSETNX command to trigger a runtime assertion and termination of the Redis server process. The problem is fixed in Redis version 7.0.10...

5.5 CVSS, 5.5 AI score, 0.54978 EPSS
Exploits 0, References 5

OSV
added 2024/03/06 11:4 a.m., 31 views

BIT-REDIS-2023-28856 `HINCRBYFLOAT` can be used to crash a redis-server process

Redis is an open source, in-memory database that persists on disk. Authenticated users can use the HINCRBYFLOAT command to create an invalid hash field that will crash Redis on access in affected versions. This issue has been addressed in versions 7.0.11, 6.2.12, and 6.0.19. Users are advised ...

6.5 CVSS, 6.2 AI score, 0.00963 EPSS
Exploits 0, References 9

OSV
added 2024/03/06 11:3 a.m., 27 views

BIT-REDIS-2023-36824 Heap overflow in COMMAND GETKEYS and ACL evaluation in Redis

Redis is an in-memory database that persists on disk. In Redis 7.0 prior to 7.0.12, extracting key names from a command and a list of arguments may, in some cases, trigger a heap overflow and result in reading random heap memory, heap corruption and potentially remote code execution. Several...

8.8 CVSS, 8.5 AI score, 0.74822 EPSS
Exploits 0, References 6

OSV
added 2024/03/06 11:3 a.m., 33 views

BIT-REDIS-2023-41053 Redis SORT_RO may bypass ACL configuration

Redis is an in-memory database that persists on disk. Redis does not correctly identify keys accessed by SORT_RO and as a result may grant users executing this command access to keys that are not explicitly authorized by the ACL configuration. The problem exists in Redis 7.0 or newer and has been...

3.3 CVSS, 4 AI score, 0.0034 EPSS
Exploits 0, References 6

Tenable Nessus
added 2024/01/18 12:0 a.m., 27 views

Fedora 39 : redis (2024-6ef42a28c9)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-6ef42a28c9 advisory. Redis 7.2.4 Released Tue 09 Jan 2024 10:45:52 IST Upgrade urgency SECURITY: See security fixes below. Security fixes CVE-2023-41056 In some cases,...

8.1 CVSS, 7.7 AI score, 0.02582 EPSS
Exploits 0, References 2

Tenable Nessus
added 2024/01/16 12:0 a.m., 35 views

Oracle TimesTen 22.x < 22.1.1.7.0 Multiple Vulnerabilities (July 2023 CPU)

The version of Oracle TimesTen installed on the remote host is 22.x prior to 22.1.1.7.0. It is, therefore, affected by multiple vulnerabilities as referenced in the July 2023 CPU advisory - Vulnerability in Oracle TimesTen In-Memory Database component: TimesTen IMDB Dell BSAFE Micro Edition Suite...

9.8 CVSS, 6.9 AI score, 0.01466 EPSS
Exploits 2, References 12

NVD
added 2024/01/10 4:15 p.m., 15 views

CVE-2023-41056

Redis is an in-memory database that persists on disk. Redis incorrectly handles resizing of memory buffers, which can result in an integer overflow that leads to a heap overflow and potential remote code execution. This issue has been patched in versions 7.0.15 and 7.2.4...

8.1 CVSS, 8.4 AI score, 0.02582 EPSS
Exploits 0, References 6

Tenable Nessus
added 2023/12/08 12:0 a.m., 6 views

Oracle TimesTen In-Memory Database Installed (Windows)

Binary data oracletimestenimdbwininstalled.nbin...

7.3 AI score
Exploits 0, References 1

Tenable Nessus
added 2023/12/04 12:0 a.m., 7 views

Oracle TimesTen In-Memory Database Installed (Linux / Unix)

Binary data oracletimestenimdbnixinstalled.nbin...

7.3 AI score
Exploits 0, References 1

OSV
added 2023/10/31 7:27 a.m., 205 views

BIT-2023-45145

Redis is an in-memory database that persists on disk. On startup, Redis begins listening on a Unix socket before adjusting its permissions to the user-provided configuration. If a permissive umask(2) is used, this creates a race condition that enables, during a short period of time, another process...

3.6 CVSS, 7 AI score, 0.00444 EPSS
Exploits 0, References 5, Affected Software 1

Tenable Nessus
added 2023/10/26 12:0 a.m., 20 views

Fedora 38 : redis (2023-77ed1e26a4)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-77ed1e26a4 advisory. Redis 7.0.14 Released Wed 18 Oct 2023 10:33:40 IDT Upgrade urgency SECURITY: See security fixes below. Security fixes CVE-2023-45145 The wrong order...

3.6 CVSS, 7.1 AI score, 0.00444 EPSS
Exploits 0, References 2

NVD
added 2023/10/18 9:15 p.m., 24 views

CVE-2023-45145

Redis is an in-memory database that persists on disk. On startup, Redis begins listening on a Unix socket before adjusting its permissions to the user-provided configuration. If a permissive umask(2) is used, this creates a race condition that enables, during a short period of time, another process...

3.6 CVSS, 3.9 AI score, 0.00444 EPSS
Exploits 0, References 7

UbuntuCve
added 2023/10/18 9:15 p.m., 58 views

CVE-2023-45145

Redis is an in-memory database that persists on disk. On startup, Redis begins listening on a Unix socket before adjusting its permissions to the user-provided configuration. If a permissive umask(2) is used, this creates a race condition that enables, during a short period of time, another process...

3.6 CVSS, 6.6 AI score, 0.00444 EPSS
Exploits 0, References 4

CVE
added 2023/10/18 8:17 p.m., 355 views

CVE-2023-45145

CVE-2023-45145 affects Redis: on startup Redis opens a Unix socket before applying configured permissions, enabling a brief race condition if umask is permissive. The issue has been fixed in Redis 7.2.2, 7.0.14, and 6.2.14. Connected advisories (Astra Linux, Amazon Linux variants, Debian DLA) cor...

3.6 CVSS, 4 AI score, 0.00444 EPSS
Exploits 0, References 7, Affected Software 1

OSV
added 2023/10/18 8:17 p.m., 62 views

CVE-2023-45145 Redis Unix-domain socket may have been exposed with the wrong permissions for a short time window.

Redis is an in-memory database that persists on disk. On startup, Redis begins listening on a Unix socket before adjusting its permissions to the user-provided configuration. If a permissive umask(2) is used, this creates a race condition that enables, during a short period of time, another process...

3.6 CVSS, 4.7 AI score, 0.00444 EPSS
Exploits 0, References 9

AlpineLinux
added 2023/10/18 8:17 p.m., 36 views

CVE-2023-45145

Redis is an in-memory database that persists on disk. On startup, Redis begins listening on a Unix socket before adjusting its permissions to the user-provided configuration. If a permissive umask(2) is used, this creates a race condition that enables, during a short period of time, another process...

3.6 CVSS, 4.2 AI score, 0.00444 EPSS
Exploits 0

Tenable Nessus
added 2023/09/27 12:0 a.m., 28 views

Amazon Linux 2 : redis (ALASREDIS6-2023-005)

The version of redis installed on the remote host is prior to 6.2.5-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2REDIS6-2023-005 advisory. Redis is an in-memory database that persists on disk. A vulnerability involving out-of-bounds read and integer overflow to buffe...

7.5 CVSS, 7.1 AI score, 0.31049 EPSS
Exploits 0, References 4