CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

ACL configured in ipallow.config or remap.config does not use IP addresses that are provided by PROXY protocol. Users can use a new setting proxy.config.acl.subjects to choose which IP addresses to use for the ACL if Apache Traffic Server is configured to accept PROXY protocol. This issue affects...

7.5CVSS7.1AI score

Exploits0References1

Vulnrichment•added 2025/06/19 10:7 a.m.•2 views

CVE-2025-31698 Apache Traffic Server: Client IP address from PROXY protocol is not used for ACL

7.2AI score0.00753EPSS

Exploits0References1

Tenable Nessus•added 2025/05/14 12:0 a.m.•7 views

Alibaba Cloud Linux 3 : 0157: redis:6 (ALINUX3-SA-2023:0157)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2023:0157 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2021-29477: Redis is an open source BS...

8.8CVSS7.3AI score0.05836EPSS

Exploits0References8

Positive Technologies•added 2025/01/01 12:0 a.m.•2 views

PT-2025-25771 · Apache +1 · Apache Traffic Server +1

Name of the Vulnerable Software and Affected Versions: Apache Traffic Server versions 9.0.0 through 9.2.10 Apache Traffic Server versions 10.0.0 through 10.0.6 Description: The issue arises when the ACL configured in ip allow.config or remap.config does not utilize IP addresses provided by the...

7.8CVSS6.3AI score0.04008EPSS

Exploits0References25

OSV•added 2024/08/22 7:23 p.m.•10 views

BIT-KEYDB-2023-41053 Redis SORT_RO may bypass ACL configuration

Redis is an in-memory database that persists on disk. Redis does not correctly identify keys accessed by SORTRO and as a result may grant users executing this command access to keys that are not explicitly authorized by the ACL configuration. The problem exists in Redis 7.0 or newer and has been...

3.3CVSS4AI score0.00824EPSS

Exploits0References6

Tenable Nessus•added 2024/05/11 12:0 a.m.•18 views

RHEL 6 : pki-core (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - pki-core: Mishandled ACL configuration in AAclAuthz.java reverses rules that allow and deny access...

7.6AI score0.90688EPSS

Exploits4References6

OSV•added 2024/03/06 11:3 a.m.•32 views

BIT-REDIS-2023-41053 Redis SORT_RO may bypass ACL configuration

3.3CVSS4AI score0.00824EPSS

Exploits0References6

Tenable Nessus•added 2024/01/30 12:0 a.m.•39 views

Debian dsa-5610 : redis - security update

The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5610 advisory. - Redis is an in-memory database that persists on disk. A specially crafted Lua script executing in Redis can trigger a heap overflow in the cjson library, and...

8.8CVSS7.4AI score0.88997EPSS

Exploits1References12

Redos•added 2023/09/18 12:0 a.m.•18 views

ROS-20230915-12

A vulnerability in the Redis database management system is related to insecure privilege management. Exploitation of the vulnerability could allow an attacker to gain unauthorized access to keys that are not explicitly authorized by the ACL configuration...

3.3CVSS7.1AI score0.00824EPSS

Exploits0