136 matches found
Amazon Linux 2 : redis (ALASREDIS6-2023-001)
The version of redis installed on the remote host is prior to 6.2.11-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2REDIS6-2023-001 advisory. Redis is an in-memory database that persists on disk. Authenticated users issuing specially crafted SETRANGE and SORTR...
SUSE SLES15 / openSUSE 15 Security Update : redis7 (SUSE-SU-2023:3711-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2023:3711-1 advisory. - CVE-2023-41053: Fixed SORTRO may bypass ACL configuration bsc1215094. Tenable has extracted the preceding description block...
Fedora 38 : redis (2023-03422cb8de)
The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-03422cb8de advisory. Redis 7.0.13 Released Wed 06 Sep 2023 15:00:00 IDT Upgrade urgency SECURITY: See security fixes below. Security Fixes CVE-2023-41053 Redis does not...
CVE-2023-41053
Redis is an in-memory database that persists on disk. Redis does not correctly identify keys accessed by SORTRO and as a result may grant users executing this command access to keys that are not explicitly authorized by the ACL configuration. The problem exists in Redis 7.0 or newer and has been...
CVE-2023-41053
Redis is an in-memory database that persists on disk. Redis does not correctly identify keys accessed by SORTRO and as a result may grant users executing this command access to keys that are not explicitly authorized by the ACL configuration. The problem exists in Redis 7.0 or newer and has been...
CVE-2023-41053
Redis is an in-memory database that persists on disk. Redis does not correctly identify keys accessed by SORTRO and as a result may grant users executing this command access to keys that are not explicitly authorized by the ACL configuration. The problem exists in Redis 7.0 or newer and has been...
CVE-2023-41053
CVE-2023-41053 affects Redis 7.0+ where SORT_RO can bypass ACL checks, potentially exposing keys not authorized by the ACL. The root cause is improper key identification for SORT_RO, enabling access to non-permitted keys under existing ACLs. Documented impact is an ACL bypass with local access re...
CVE-2023-41053
Redis is an in-memory database that persists on disk. Redis does not correctly identify keys accessed by SORTRO and as a result may grant users executing this command access to keys that are not explicitly authorized by the ACL configuration. The problem exists in Redis 7.0 or newer and has been...
H2 Web Interface Create Alias RCE
The H2 database contains an alias function which allows for arbitrary Java code to be used. This functionality can be abused to create an exec functionality to pull our payload down and execute it. H2's web interface contains restricts MANY characters, so injecting a payload directly is not...
H2 Database Web Interface Create Alias Remote Code Execution Exploit
The H2 database contains an alias function which allows for arbitrary Java code to be used. This functionality can be abused to create an exec functionality to pull our payload down and execute it. H2's web interface contains restricts MANY characters, so injecting a payload directly is not...
PT-2023-5110 · H2 +2 · H2 +2
Name of the Vulnerable Software and Affected Versions: Metabase versions prior to 0.43.7.3, 0.44.7.3, 0.45.4.3, 0.46.6.4, 1.43.7.3, 1.44.7.3, 1.45.4.3, and 1.46.6.4 Description: The issue is related to the incorrect management of code generation in the Metabase platform, which could allow remote...
CVE-2022-24834
Redis is an in-memory database that persists on disk. A specially crafted Lua script executing in Redis can trigger a heap overflow in the cjson library, and result with heap corruption and potentially remote code execution. The problem exists in all versions of Redis with Lua scripting support,...
CVE-2023-36824
Redis is an in-memory database that persists on disk. In Redit 7.0 prior to 7.0.12, extracting key names from a command and a list of arguments may, in some cases, trigger a heap overflow and result in reading random heap memory, heap corruption and potentially remote code execution. Several...
CVE-2023-36824
Redis is an in-memory database that persists on disk. In Redit 7.0 prior to 7.0.12, extracting key names from a command and a list of arguments may, in some cases, trigger a heap overflow and result in reading random heap memory, heap corruption and potentially remote code execution. Several...
Advisory ROSA-SA-2023-2174
software: redis 7.0.11 OS: ROSA-CHROME packageevrstring: redis-7.0.11-1.src.rpm CVE-ID: CVE-2022-35977 BDU-ID: 2023-00695 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the Redis database management system DBMS is related to integer overflow during object processing. Exploitation of the...
The vulnerability of the structural component of the database management system (DBMS) Redis software used in ABB eSOMS, a production process management system, allows a hacker to gain unauthorized access to protected information.
The vulnerability of the structural component of the Redis database management system for managing manufacturing processes in ABB eSOMS lies in the storage of passwords in a recoverable format. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected informatio...
Amazon Linux 2023 : redis6, redis6-devel (ALAS2023-2023-164)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-164 advisory. Redis is an in-memory database that persists on disk. Starting in version 7.0.8 and prior to version 7.0.10, authenticated users can use the MSETNX command to trigger a runtime assertion and...
CVE-2023-28856
Redis is an open source, in-memory database that persists on disk. Authenticated users can use the HINCRBYFLOAT command to create an invalid hash field that will crash Redis on access in affected versions. This issue has been addressed in in versions 7.0.11, 6.2.12, and 6.0.19. Users are advised ...
CVE-2023-28425
Redis is an in-memory database that persists on disk. Starting in version 7.0.8 and prior to version 7.0.10, authenticated users can use the MSETNX command to trigger a runtime assertion and termination of the Redis server process. The problem is fixed in Redis version 7.0.10...
CVE-2023-28425
CVE-2023-28425 affects Redis 7.0.8 and earlier versions up to 7.0.9; authenticated users can use MSETNX to trigger a runtime assertion that terminates the server. The issue is fixed in Redis 7.0.10. Impact: availability loss (server crash). Remediation: upgrade to Redis 7.0.10 or later (per the p...