358 matches found
CVE-2013-0180
Insecure temporary file vulnerability in Redis 2.6 related to /tmp/redis.ds...
UBUNTU-CVE-2013-0178
Insecure temporary file vulnerability in Redis before 2.6 related to /tmp/redis-%p.vm...
The vulnerability of the HyperLogLog algorithm in a resident database management system for NoSQL Redis lies in the fact that the output of the operation may exceed the buffer limits in memory. This allows attackers to compromise data integrity, gain unauthorized access to protected information, and cause service failures.
The vulnerability of the HyperLogLog algorithm in the resident database management system for NoSQL Redis stems from a flaw in the HyperLogLog data structure. This flaw occurs when the SETRANGE command is executed, allowing up to 3 bytes of information to be written beyond the memory buffer...
USN-4061-1: Redis vulnerabilities
It was discovered that Redis incorrectly handled the hyperloglog data structure. An attacker could use this issue to cause Redis to crash, resulting in a denial of service, or possibly execute arbitrary code...
Redis Unauthorized Access Vulnerability (CNVD-2019-21763)
Redis is an open source using ANSI C language , support for network , memory-based can also be persistent log-type , Key-Value database , and provides a variety of languages API. An unauthorized access vulnerability exists in Redis. An attacker can exploit this vulnerability to execute arbitrary...
Acunetix Vulnerability Scanner Now With Network Security Scans
User-friendly and competitively priced, Acunetix leads the market in automatic web security testing technology. Its industry-leading crawler fully supports HTML5, JavaScript, and AJAX-heavy websites, enabling the auditing of complex, authenticated applications. Acunetix provides the only technolo...
CVE-2018-0181
A vulnerability in the Redis implementation used by the Cisco Policy Suite for Mobile and Cisco Policy Suite Diameter Routing Agent software could allow an unauthenticated, remote attacker to modify key-value pairs for short-lived events stored by the Redis server. The vulnerability is due to...
PT-2018-4902 · Redis · Redis
Name of the Vulnerable Software and Affected Versions: redis affected versions not specified Description: A permissions flaw was found, which sets weak permissions on certain files and directories that could potentially contain sensitive information. A local, unprivileged user could possibly use...
DuckDuckGo: SSRF on duckduckgo.com/iu/
Normally, a call to https://duckduckgo.com/iu contains a query parameter u with some path using the domain yimg.com. This call will succeed in most cases. F337121 And if we change that path to something like https://google.com it's rejected. F337118 However, it appears that the check that ensures...
EUVD-2018-3258
Memory Corruption was discovered in the cmsgpack library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2 because of stack-based buffer overflows...
cloudpub-redis remote code execution vulnerability
cloudpub-redis is a package for installing redis server. A security vulnerability exists in cloudpub-redis that originates when a program downloads an executable file over an unencrypted HTTP connection. A remote attacker can exploit the vulnerability by intercepting the response and replacing th...
The vulnerability of the clusterLoadConfig function in the Redis database management system allows a attacker to cause service interruptions or other adverse effects.
The vulnerability of the clusterLoadConfig function in the Redis database management system arises from an operation that occurs outside the buffer in memory, due to the lack of checks on the values of migratingslotsto and migratingslotsfrom, which are defined in the configuration file. Exploitin...
DEBIAN-CVE-2017-1000248
Redis-store =v1.3.0 allows unsafe objects to be loaded from redis...
PT-2017-4250 · Redis +1 · Redis +1
Name of the Vulnerable Software and Affected Versions: Redis versions prior to 3.2.7 Description: The issue is related to the networking.c component of the Redis database management system, which lacks a check for POST and Host: strings. This allows for "Cross Protocol Scripting" and can be...
DEBIAN-CVE-2016-8339
A buffer overflow in Redis 3.2.x prior to 3.2.4 causes arbitrary code execution when a crafted command is sent. An out of bounds write vulnerability exists in the handling of the client-output-buffer-limit option during the CONFIG SET command for the Redis data structure store. A crafted CONFIG S...
CVE-2013-7458
linenoise, as used in Redis before 3.2.3, uses world-readable permissions for .redisclihistory, which allows local users to obtain sensitive information by reading the file...
redis: Integer wraparound in lua_struct.c causing stack-based buffer overflow
An integer-wraparound flaw leading to a stack-based overflow was found in Redis. A user with access to run Lua code in a Redis session could possibly use this flaw to crash the server denial of service or gain code execution outside of the Lua sandbox...
DEBIAN-CVE-2015-4335
Redis before 2.8.21 and 3.x before 3.0.2 allows remote attackers to execute arbitrary Lua bytecode via the eval command...