360 matches found
Astra Linux – Vulnerability in Redis
Redis is an in-memory database that persists data on disk.Authenticated users who execute specially crafted SETRANGE and SORTRO commands can trigger an integer overflow, causing Redis to attempt to allocate an impossible amount of memory and result in a Memory Out of Control OOM panic. This issue...
Astra Linux – Vulnerability in Redis
Redis is an in-memory database that persists data on disk. Redis does not correctly identify keys accessed using SORTRO. As a result, it may grant users who execute this command access to keys that are not explicitly authorized by the ACL configuration. This issue exists in Redis 7.0 or later...
Astra Linux – Vulnerability in Redis
Redis is an open-source, in-memory database that persists data on disk. In affected versions of Redis, a integer overflow bug in the 32-bit Redis version 4.0 or newer can be exploited to corrupt the heap and potentially lead to remote code execution. Redis 4.0 or newer uses a configurable limit f...
Astra Linux – Vulnerability in Redis
Redis is an in-memory database that persists data on disk. Prior to versions 6.2.7 and 7.0.0, an attacker who attempted to load a specially crafted Lua script could cause a NULL pointer dereference, resulting in a crash of the redis-server process. This issue was fixed in Redis versions 7.0.0 and...
Astra Linux – Vulnerability in Redis
Redis is an open-source, in-memory database that persists data on disk. A user with sufficient privileges can create a malformed ACL selector, which, when accessed, triggers a server panic and subsequent denial of service. This issue has been fixed in Redis 7.2.7 and 7.4.2...
Astra Linux – Vulnerability in Redis
Redis is an in-memory database that persists data on disk. Upon startup, Redis begins listening on Unix sockets before adjusting its permissions to the configuration provided by the user. If a permissive umask value is used, this can create a race condition that allows another process to establis...
CVE-2026-23479
A flaw was found in Redis. The unblock client flow does not handle an error return from the processCommandAndResetClient when re-executing a blocked command. If a blocked client is evicted during this flow, an authenticated attacker can cause a use-after-free issue. This potentially leads to...
TencentOS Server 4: redis (TSSA-2026:0218)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0218 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...
PT-2026-39715
Name of the Vulnerable Software and Affected Versions Inbox Zero versions prior to 2.29.3 Description The cleaner email stream endpoint used a shared Redis subscription listener. This configuration could result in thread events for one authenticated account being delivered to another authenticate...
Linux Distros Unpatched Vulnerability : CVE-2026-23631
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Redis is an in-memory data structure store. In all versions of redis-server with Lua scripting, an authenticated attacker can exploit the master-replica...
Linux Distros Unpatched Vulnerability : CVE-2026-23479
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Redis is an in-memory data structure store. In redis-server from 7.2.0 until 8.6.3, the unblock client flow does not handle an error return from...
CVE-2026-25243 redis-server RESTORE invalid memory access may allow remote code execution
Redis is an in-memory data structure store. In versions of redis-server up to 8.6.3, the RESTORE command does not properly validate serialized values. An authenticated attacker with permission to execute RESTORE can supply a crafted serialized payload that triggers invalid memory access and may...
Security Bulletin: Vulnerability in Redis affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.
Summary Potential vulnerability in Redis has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information. Vulnerability...
Exploit for Use After Free in Redis
CVE-2025-49844 RediShell AI-made Revshell PoC Untested comple...
Ubuntu 24.04 LTS : Redis vulnerability (USN-8120-1)
The remote Ubuntu 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8120-1 advisory. Seunghyun Lee discovered that Redis incorrectly handled memory during hyperloglog operations. An attacker could use this issue to cause a denial of service, or...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: redis6 (UTSA-2026-006184)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006184 advisory. Redis is an open source, in-memory database that persists on disk. In versions starting at 2.6 and prior to 7.4.3, An unauthenticated client can cause unlimited grow...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: redis6 (UTSA-2026-006170)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006170 advisory. Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to caus...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: redis6 (UTSA-2026-006176)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006176 advisory. Redis is an open source, in-memory database that persists on disk. From 2.8 to before 8.0.3, 7.4.5, 7.2.10, and 6.2.19, an authenticated user may use a specially...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: redis (UTSA-2026-005345)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005345 advisory. Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted LUA script to read...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: redis (UTSA-2026-005343)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005343 advisory. Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to...