73 matches found
Redis input validation error vulnerability
Redis is an open source key-value storage database from Redis, Inc., written in ANSI C, network-enabled, memory-based and persistent, log-type, that provides APIs in multiple languages. An input validation error vulnerability exists in Redis 8.2.1 and earlier versions, which stems from a specially craft...
CVE-2025-9364 Rockwell Automation FactoryTalk® Analytics™ LogixAI® Exposed Redis DB
An open database issue exists in the affected product and version. The security issue stems from an overly permissive Redis instance. This could result in an attacker on the intranet accessing sensitive data and potentially altering data...
CVE-2025-9364
CVE-2025-9364 describes an open Redis database issue in Rockwell Automation’s FactoryTalk Analytics LogixAI, caused by an overly permissive Redis instance. The vulnerability could allow an attacker on the intranet to access and potentially alter sensitive data. The entry lists high impact (CVSS v...
ROS-20250710-06
The vulnerability in the Redis database management system (DBMS) is related to boundary-checking errors when parsing file names. Exploitation of the vulnerability could allow an attacker to execute arbitrary code...
CVE-2025-48367
Redis is an open source, in-memory database that persists on disk. An unauthenticated connection can cause repeated IP protocol errors, leading to client starvation and, ultimately, a denial of service. This vulnerability is fixed in 8.0.3, 7.4.5, 7.2.10, and 6.2.19...
CVE-2025-48367 Redis DoS Vulnerability due to bad connection error handling
Redis is an open source, in-memory database that persists on disk. An unauthenticated connection can cause repeated IP protocol errors, leading to client starvation and, ultimately, a denial of service. This vulnerability is fixed in 8.0.3, 7.4.5, 7.2.10, and 6.2.19...
BIT-REDIS-2025-27151 redis-check-aof may lead to stack overflow and potential RCE
Redis is an open source, in-memory database that persists on disk. In versions starting from 7.0.0 to before 8.0.2, a stack-based buffer overflow exists in redis-check-aof due to the use of memcpy with strlen(filepath) when copying a user-supplied file path into a fixed-size stack buffer. This allo...
BIT-KEYDB-2025-27151 redis-check-aof may lead to stack overflow and potential RCE
Redis is an open source, in-memory database that persists on disk. In versions starting from 7.0.0 to before 8.0.2, a stack-based buffer overflow exists in redis-check-aof due to the use of memcpy with strlen(filepath) when copying a user-supplied file path into a fixed-size stack buffer. This allo...
CVE-2020-23249
GigaVUE-OS (GVOS) 5.4 - 5.9 stores a Redis database password in plaintext...
CVE-2020-5205
In Pow Hex package before 1.0.16, the use of Plug.Session in Pow.Plug.Session is susceptible to session fixation attacks if a persistent session store is used for Plug.Session, such as Redis or a database. Cookie store, which is used in most Phoenix apps, doesn't have this vulnerability...
ROS-20250505-11
The vulnerability in the Redis database management system (DBMS) is related to improper management of internal resources in the application when processing output buffers. Exploitation of the vulnerability could allow a remote attacker to cause a denial of service...
BIT-KEYDB-2025-21605 Redis DoS Vulnerability due to unlimited growth of output buffers abused by unauthenticated client
Redis is an open source, in-memory database that persists on disk. In versions starting at 2.6 and prior to 7.4.3, an unauthenticated client can cause unlimited growth of output buffers, until the server runs out of memory or is killed. By default, the Redis configuration does not limit the outpu...
A vulnerability in the RedisTimeSeries time series processing module of the Redis database management system allows an attacker to execute arbitrary code due to an integer overflow.
The vulnerability in the RedisTimeSeries time series processing module of the Redis database management system involves an integer overflow. Exploiting this vulnerability allows an attacker to execute arbitrary code using specially crafted command arguments...
Linux Distros Unpatched Vulnerability : CVE-2022-35977
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Redis is an in-memory database that persists on disk. Authenticated users issuing specially crafted SETRANGE and SORT(_RO) commands can trigger an integer overflow...
Linux Distros Unpatched Vulnerability : CVE-2023-22458
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Redis is an in-memory database that persists on disk. Authenticated users can issue a HRANDFIELD or ZRANDMEMBER command with specially crafted arguments to...
Linux Distros Unpatched Vulnerability : CVE-2022-24736
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Redis is an in-memory database that persists on disk. Prior to versions 6.2.7 and 7.0.0, an attacker attempting to load a specially crafted Lua script can cause...
Linux Distros Unpatched Vulnerability : CVE-2024-31449
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Redis is an open source, in-memory database that persists on disk. An authenticated user may use a specially crafted Lua script to trigger a stack buffer overfl...
ROS-20250114-13
The vulnerability in the Redis database management system (DBMS) is related to the use of memory after it has been freed. Exploitation of the vulnerability could allow an attacker to execute arbitrary code by injecting a specially crafted Lua script. A vulnerability in the Redis database...