Lucene search
K

358 matches found

ATTACKERKB
ATTACKERKB
added 2019/11/01 7:15 p.m.3 views

CVE-2013-0180

Insecure temporary file vulnerability in Redis 2.6 related to /tmp/redis.ds...

5.5CVSS5.5AI score0.00323EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2019/11/01 7:15 p.m.11 views

UBUNTU-CVE-2013-0178

Insecure temporary file vulnerability in Redis before 2.6 related to /tmp/redis-%p.vm...

5.5CVSS6AI score0.00415EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2019/10/16 12:0 a.m.6 views

The vulnerability of the HyperLogLog algorithm in a resident database management system for NoSQL Redis lies in the fact that the output of the operation may exceed the buffer limits in memory. This allows attackers to compromise data integrity, gain unauthorized access to protected information, and cause service failures.

The vulnerability of the HyperLogLog algorithm in the resident database management system for NoSQL Redis stems from a flaw in the HyperLogLog data structure. This flaw occurs when the SETRANGE command is executed, allowing up to 3 bytes of information to be written beyond the memory buffer...

9CVSS5.4AI score0.26048EPSS
Exploits0References9Affected Software6
Ubuntu
Ubuntu
added 2019/07/16 1:47 p.m.155 views

USN-4061-1: Redis vulnerabilities

It was discovered that Redis incorrectly handled the hyperloglog data structure. An attacker could use this issue to cause Redis to crash, resulting in a denial of service, or possibly execute arbitrary code...

7.2CVSS7.6AI score0.26048EPSS
Exploits0
CNVD
CNVD
added 2019/07/09 12:0 a.m.2 views

Redis Unauthorized Access Vulnerability (CNVD-2019-21763)

Redis is an open source using ANSI C language , support for network , memory-based can also be persistent log-type , Key-Value database , and provides a variety of languages API. An unauthorized access vulnerability exists in Redis. An attacker can exploit this vulnerability to execute arbitrary...

8AI score
Exploits0References1
Kitploit
Kitploit
added 2019/05/17 8:37 p.m.289 views

Acunetix Vulnerability Scanner Now With Network Security Scans

User-friendly and competitively priced, Acunetix leads the market in automatic web security testing technology. Its industry-leading crawler fully supports HTML5, JavaScript, and AJAX-heavy websites, enabling the auditing of complex, authenticated applications. Acunetix provides the only technolo...

7.1AI score
Exploits0
OSV
OSV
added 2019/01/10 12:29 a.m.4 views

CVE-2018-0181

A vulnerability in the Redis implementation used by the Cisco Policy Suite for Mobile and Cisco Policy Suite Diameter Routing Agent software could allow an unauthenticated, remote attacker to modify key-value pairs for short-lived events stored by the Redis server. The vulnerability is due to...

9.8CVSS5.8AI score0.02174EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2018/10/31 12:0 a.m.4 views

PT-2018-4902 · Redis · Redis

Name of the Vulnerable Software and Affected Versions: redis affected versions not specified Description: A permissions flaw was found, which sets weak permissions on certain files and directories that could potentially contain sensitive information. A local, unprivileged user could possibly use...

5.5CVSS4.5AI score0.00374EPSS
Exploits0References10
Hacker One
Hacker One
added 2018/08/23 6:18 p.m.95 views

DuckDuckGo: SSRF on duckduckgo.com/iu/

Normally, a call to https://duckduckgo.com/iu contains a query parameter u with some path using the domain yimg.com. This call will succeed in most cases. F337121 And if we change that path to something like https://google.com it's rejected. F337118 However, it appears that the check that ensures...

0.2AI score
Exploits0
EUVD
EUVD
added 2018/06/17 5:0 p.m.4 views

EUVD-2018-3258

Memory Corruption was discovered in the cmsgpack library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2 because of stack-based buffer overflows...

9.8CVSS9.6AI score0.58529EPSS
Exploits1References15
CNVD
CNVD
added 2018/06/15 12:0 a.m.3 views

cloudpub-redis remote code execution vulnerability

cloudpub-redis is a package for installing redis server. A security vulnerability exists in cloudpub-redis that originates when a program downloads an executable file over an unencrypted HTTP connection. A remote attacker can exploit the vulnerability by intercepting the response and replacing th...

9.3CVSS8.2AI score0.01682EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2017/11/23 12:0 a.m.6 views

The vulnerability of the clusterLoadConfig function in the Redis database management system allows a attacker to cause service interruptions or other adverse effects.

The vulnerability of the clusterLoadConfig function in the Redis database management system arises from an operation that occurs outside the buffer in memory, due to the lack of checks on the values of migratingslotsto and migratingslotsfrom, which are defined in the configuration file. Exploitin...

9.8CVSS8AI score0.01784EPSS
Exploits0References4Affected Software2
OSV
OSV
added 2017/11/17 4:29 a.m.4 views

DEBIAN-CVE-2017-1000248

Redis-store =v1.3.0 allows unsafe objects to be loaded from redis...

9.8CVSS6.9AI score0.01983EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2017/02/14 12:0 a.m.3 views

PT-2017-4250 · Redis +1 · Redis +1

Name of the Vulnerable Software and Affected Versions: Redis versions prior to 3.2.7 Description: The issue is related to the networking.c component of the Redis database management system, which lacks a check for POST and Host: strings. This allows for "Cross Protocol Scripting" and can be...

9.8CVSS7.3AI score0.58529EPSS
Exploits5References46
OSV
OSV
added 2016/10/28 2:59 p.m.4 views

DEBIAN-CVE-2016-8339

A buffer overflow in Redis 3.2.x prior to 3.2.4 causes arbitrary code execution when a crafted command is sent. An out of bounds write vulnerability exists in the handling of the client-output-buffer-limit option during the CONFIG SET command for the Redis data structure store. A crafted CONFIG S...

9.8CVSS8.6AI score0.14834EPSS
Exploits2References1
OSV
OSV
added 2016/08/10 2:59 p.m.7 views

CVE-2013-7458

linenoise, as used in Redis before 3.2.3, uses world-readable permissions for .redisclihistory, which allows local users to obtain sensitive information by reading the file...

3.3CVSS3.6AI score
Exploits0References19
RedHat Linux
RedHat Linux
added 2016/02/01 9:4 p.m.5 views

redis: Integer wraparound in lua_struct.c causing stack-based buffer overflow

An integer-wraparound flaw leading to a stack-based overflow was found in Redis. A user with access to run Lua code in a Redis session could possibly use this flaw to crash the server denial of service or gain code execution outside of the Lua sandbox...

7.5CVSS6.3AI score0.05362EPSS
Exploits1References4
OSV
OSV
added 2015/06/09 2:59 p.m.3 views

DEBIAN-CVE-2015-4335

Redis before 2.8.21 and 3.x before 3.0.2 allows remote attackers to execute arbitrary Lua bytecode via the eval command...

10CVSS7.6AI score0.09636EPSS
Exploits2References1
Rows per page
Query Builder