
136 matches found

Tenable Nessus
added 2023/09/27 12:0 a.m. · 50 views

Amazon Linux 2 : redis (ALASREDIS6-2023-001)

The version of redis installed on the remote host is prior to 6.2.11-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2REDIS6-2023-001 advisory. Redis is an in-memory database that persists on disk. Authenticated users issuing specially crafted SETRANGE and SORTR...

CVSS 6.5 · AI score 7 · EPSS 0.69355
Exploits 0 · References 10

Tenable Nessus
added 2023/09/21 12:0 a.m. · 28 views

SUSE SLES15 / openSUSE 15 Security Update : redis7 (SUSE-SU-2023:3711-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2023:3711-1 advisory. - CVE-2023-41053: Fixed SORT_RO may bypass ACL configuration bsc1215094. Tenable has extracted the preceding description block...

CVSS 3.3 · AI score 6.6 · EPSS 0.0034
Exploits 0 · References 4

Tenable Nessus
added 2023/09/16 12:0 a.m. · 27 views

Fedora 38 : redis (2023-03422cb8de)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-03422cb8de advisory. Redis 7.0.13 Released Wed 06 Sep 2023 15:00:00 IDT Upgrade urgency SECURITY: See security fixes below. Security Fixes CVE-2023-41053 Redis does not...

CVSS 3.3 · AI score 7 · EPSS 0.0034
Exploits 0 · References 2

NVD
added 2023/09/06 9:15 p.m. · 19 views

CVE-2023-41053

Redis is an in-memory database that persists on disk. Redis does not correctly identify keys accessed by SORT_RO and as a result may grant users executing this command access to keys that are not explicitly authorized by the ACL configuration. The problem exists in Redis 7.0 or newer and has been...

CVSS 3.3 · AI score 4.1 · EPSS 0.0034
Exploits 0 · References 5

UbuntuCve
added 2023/09/06 9:15 p.m. · 21 views

CVE-2023-41053

Redis is an in-memory database that persists on disk. Redis does not correctly identify keys accessed by SORT_RO and as a result may grant users executing this command access to keys that are not explicitly authorized by the ACL configuration. The problem exists in Redis 7.0 or newer and has been...

CVSS 3.3 · AI score 6.2 · EPSS 0.0034
Exploits 0 · References 3

AlpineLinux
added 2023/09/06 8:22 p.m. · 25 views

CVE-2023-41053

Redis is an in-memory database that persists on disk. Redis does not correctly identify keys accessed by SORT_RO and as a result may grant users executing this command access to keys that are not explicitly authorized by the ACL configuration. The problem exists in Redis 7.0 or newer and has been...

CVSS 3.3 · AI score 4.3 · EPSS 0.0034
Exploits 0

CVE
added 2023/09/06 8:22 p.m. · 701 views

CVE-2023-41053

CVE-2023-41053 affects Redis 7.0+ where SORT_RO can bypass ACL checks, potentially exposing keys not authorized by the ACL. The root cause is improper key identification for SORT_RO, enabling access to non-permitted keys under existing ACLs. Documented impact is an ACL bypass with local access re...

CVSS 3.3 · AI score 4.1 · EPSS 0.0034
Exploits 0 · References 5 · Affected Software 1

Debian CVE
added 2023/09/06 8:22 p.m. · 37 views

CVE-2023-41053

Redis is an in-memory database that persists on disk. Redis does not correctly identify keys accessed by SORT_RO and as a result may grant users executing this command access to keys that are not explicitly authorized by the ACL configuration. The problem exists in Redis 7.0 or newer and has been...

CVSS 3.3 · AI score 4.3 · EPSS 0.0034
Exploits 0

Metasploit
added 2023/08/16 7:50 p.m. · 844 views

H2 Web Interface Create Alias RCE

The H2 database contains an alias function which allows for arbitrary Java code to be used. This functionality can be abused to create an exec functionality to pull our payload down and execute it. H2's web interface restricts MANY characters, so injecting a payload directly is not...

CVSS 8.8 · AI score 7.3 · EPSS 0.34986
Exploits 2

0day.today
added 2023/08/16 12:0 a.m. · 551 views

H2 Database Web Interface Create Alias Remote Code Execution Exploit

The H2 database contains an alias function which allows for arbitrary Java code to be used. This functionality can be abused to create an exec functionality to pull our payload down and execute it. H2's web interface restricts MANY characters, so injecting a payload directly is not...

AI score 7.4
Exploits 0

Positive Technologies
added 2023/08/04 12:0 a.m. · 4 views

PT-2023-5110 · H2 +2

Name of the Vulnerable Software and Affected Versions: Metabase versions prior to 0.43.7.3, 0.44.7.3, 0.45.4.3, 0.46.6.4, 1.43.7.3, 1.44.7.3, 1.45.4.3, and 1.46.6.4 Description: The issue is related to the incorrect management of code generation in the Metabase platform, which could allow remote...

CVSS 10 · AI score 9.5 · EPSS 0.01124
Exploits 0 · References 7

Debian CVE
added 2023/07/13 2:35 p.m. · 53 views

CVE-2022-24834

Redis is an in-memory database that persists on disk. A specially crafted Lua script executing in Redis can trigger a heap overflow in the cjson library, and result with heap corruption and potentially remote code execution. The problem exists in all versions of Redis with Lua scripting support,...

CVSS 8.8 · AI score 7.2 · EPSS 0.4292
Exploits 1

NVD
added 2023/07/11 5:15 p.m. · 23 views

CVE-2023-36824

Redis is an in-memory database that persists on disk. In Redis 7.0 prior to 7.0.12, extracting key names from a command and a list of arguments may, in some cases, trigger a heap overflow and result in reading random heap memory, heap corruption and potentially remote code execution. Several...

CVSS 8.8 · AI score 8.6 · EPSS 0.74822
Exploits 0 · References 5

UbuntuCve
added 2023/07/11 5:15 p.m. · 34 views

CVE-2023-36824

Redis is an in-memory database that persists on disk. In Redis 7.0 prior to 7.0.12, extracting key names from a command and a list of arguments may, in some cases, trigger a heap overflow and result in reading random heap memory, heap corruption and potentially remote code execution. Several...

CVSS 8.8 · AI score 7 · EPSS 0.74822
Exploits 0 · References 3

Rosalinux
added 2023/06/27 7:49 a.m. · 42 views

Advisory ROSA-SA-2023-2174

software: redis 7.0.11 OS: ROSA-CHROME packageevrstring: redis-7.0.11-1.src.rpm CVE-ID: CVE-2022-35977 BDU-ID: 2023-00695 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the Redis database management system DBMS is related to integer overflow during object processing. Exploitation of the...

CVSS 6.5 · AI score 7.3 · EPSS 0.69355
Exploits 1

BDU FSTEC
added 2023/05/31 12:0 a.m. · 4 views

The vulnerability of the structural component of the database management system (DBMS) Redis software used in ABB eSOMS, a production process management system, allows a hacker to gain unauthorized access to protected information.

The vulnerability of the structural component of the Redis database management system for managing manufacturing processes in ABB eSOMS lies in the storage of passwords in a recoverable format. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected informatio...

CVSS 6.1 · AI score 6.3 · EPSS 0.00289
Exploits 0 · References 3 · Affected Software 1

Tenable Nessus
added 2023/05/03 12:0 a.m. · 34 views

Amazon Linux 2023 : redis6, redis6-devel (ALAS2023-2023-164)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-164 advisory. Redis is an in-memory database that persists on disk. Starting in version 7.0.8 and prior to version 7.0.10, authenticated users can use the MSETNX command to trigger a runtime assertion and...

CVSS 6.5 · AI score 7.1 · EPSS 0.54978
Exploits 0 · References 6

Debian CVE
added 2023/04/18 8:50 p.m. · 30 views

CVE-2023-28856

Redis is an open source, in-memory database that persists on disk. Authenticated users can use the HINCRBYFLOAT command to create an invalid hash field that will crash Redis on access in affected versions. This issue has been addressed in versions 7.0.11, 6.2.12, and 6.0.19. Users are advised ...

CVSS 6.5 · AI score 5.6 · EPSS 0.00963
Exploits 0

NVD
added 2023/03/20 8:15 p.m. · 20 views

CVE-2023-28425

Redis is an in-memory database that persists on disk. Starting in version 7.0.8 and prior to version 7.0.10, authenticated users can use the MSETNX command to trigger a runtime assertion and termination of the Redis server process. The problem is fixed in Redis version 7.0.10...

CVSS 5.5 · AI score 5.7 · EPSS 0.54978
Exploits 0 · References 4

CVE
added 2023/03/20 7:3 p.m. · 146 views

CVE-2023-28425

CVE-2023-28425 affects Redis 7.0.8 and earlier versions up to 7.0.9; authenticated users can use MSETNX to trigger a runtime assertion that terminates the server. The issue is fixed in Redis 7.0.10. Impact: availability loss (server crash). Remediation: upgrade to Redis 7.0.10 or later (per the p...

CVSS 5.5 · AI score 5.6 · EPSS 0.54978
Exploits 0 · References 4 · Affected Software 1