Lucene search
+L

118 matches found

Prion
Prion
added 2021/10/04 6:15 p.m.31 views

Integer overflow

Redis is an open source, in-memory database that persists on disk. An integer overflow bug affecting all versions of Redis can be exploited to corrupt the heap and potentially be used to leak arbitrary contents of the heap or trigger remote code execution. The vulnerability involves changing the...

6CVSS8.2AI score0.03839EPSS
Exploits0References9Affected Software4
UbuntuCve
UbuntuCve
added 2021/10/04 6:15 p.m.31 views

CVE-2021-41099

Redis is an open source, in-memory database that persists on disk. An integer overflow bug in the underlying string library can be used to corrupt the heap and potentially result with denial of service or remote code execution. The vulnerability involves changing the default proto-max-bulk-len...

7.5CVSS6.8AI score0.03422EPSS
Exploits0References3
Prion
Prion
added 2021/10/04 6:15 p.m.30 views

Integer overflow

Redis is an open source, in-memory database that persists on disk. An integer overflow bug in the underlying string library can be used to corrupt the heap and potentially result with denial of service or remote code execution. The vulnerability involves changing the default proto-max-bulk-len...

6CVSS8.1AI score0.03422EPSS
Exploits0References9Affected Software4
AlpineLinux
AlpineLinux
added 2021/10/04 6:5 p.m.28 views

CVE-2021-41099

Redis is an open source, in-memory database that persists on disk. An integer overflow bug in the underlying string library can be used to corrupt the heap and potentially result with denial of service or remote code execution. The vulnerability involves changing the default proto-max-bulk-len...

7.5CVSS8.5AI score0.03422EPSS
Exploits0
Debian CVE
Debian CVE
added 2021/10/04 6:5 p.m.43 views

CVE-2021-41099

Redis is an open source, in-memory database that persists on disk. An integer overflow bug in the underlying string library can be used to corrupt the heap and potentially result with denial of service or remote code execution. The vulnerability involves changing the default proto-max-bulk-len...

7.5CVSS7.7AI score0.03422EPSS
Exploits0
Cvelist
Cvelist
added 2021/10/04 6:5 p.m.63 views

CVE-2021-41099 Integer overflow issue with strings in Redis

Redis is an open source, in-memory database that persists on disk. An integer overflow bug in the underlying string library can be used to corrupt the heap and potentially result with denial of service or remote code execution. The vulnerability involves changing the default proto-max-bulk-len...

7.5CVSS8.5AI score0.03422EPSS
Exploits0References9
AlpineLinux
AlpineLinux
added 2021/10/04 5:35 p.m.54 views

CVE-2021-32627

Redis is an open source, in-memory database that persists on disk. In affected versions an integer overflow bug in Redis can be exploited to corrupt the heap and potentially result with remote code execution. The vulnerability involves changing the default proto-max-bulk-len and...

7.5CVSS8.5AI score0.03688EPSS
Exploits0
Veracode
Veracode
added 2021/07/23 11:39 p.m.23 views

Remote Code Execution

redis is vulnerable to remote code execution. An out-of-bounds read and integer overflow to buffer overflow exists and allows an attacker to execute arbitrary code on the host OS by changing the default proto-max-bulk-len configuration parameter to a very large value and constructing specially...

7.5CVSS5.4AI score0.31049EPSS
Exploits0References11Affected Software1
Prion
Prion
added 2021/07/21 9:15 p.m.32 views

Integer overflow

Redis is an in-memory database that persists on disk. A vulnerability involving out-of-bounds read and integer overflow to buffer overflow exists starting with version 2.2 and prior to versions 5.0.13, 6.0.15, and 6.2.5. On 32-bit systems, Redis BIT command are vulnerable to integer overflow that...

6CVSS8AI score0.31049EPSS
Exploits0References8Affected Software3
NVD
NVD
added 2021/05/04 4:15 p.m.26 views

CVE-2021-29478

Redis is an open source BSD licensed, in-memory data structure store, used as a database, cache, and message broker. An integer overflow bug in Redis 6.2 before 6.2.3 could be exploited to corrupt the heap and potentially result with remote code execution. Redis 6.0 and earlier are not directly...

8.8CVSS0.03628EPSS
Exploits0References5
OSV
OSV
added 2021/05/04 4:15 p.m.31 views

CVE-2021-29478

Redis is an open source BSD licensed, in-memory data structure store, used as a database, cache, and message broker. An integer overflow bug in Redis 6.2 before 6.2.3 could be exploited to corrupt the heap and potentially result with remote code execution. Redis 6.0 and earlier are not directly...

8.8CVSS7.5AI score
Exploits0References5
Prion
Prion
added 2021/05/04 4:15 p.m.36 views

Integer overflow

Redis is an open source BSD licensed, in-memory data structure store, used as a database, cache, and message broker. An integer overflow bug in Redis 6.2 before 6.2.3 could be exploited to corrupt the heap and potentially result with remote code execution. Redis 6.0 and earlier are not directly...

6CVSS8.7AI score0.03628EPSS
Exploits0References5Affected Software2
Debian CVE
Debian CVE
added 2021/05/04 4:0 p.m.53 views

CVE-2021-29478

Redis is an open source BSD licensed, in-memory data structure store, used as a database, cache, and message broker. An integer overflow bug in Redis 6.2 before 6.2.3 could be exploited to corrupt the heap and potentially result with remote code execution. Redis 6.0 and earlier are not directly...

8.8CVSS8.9AI score0.03628EPSS
Exploits0
Cvelist
Cvelist
added 2020/12/07 12:49 p.m.35 views

CVE-2020-9247

There is a buffer overflow vulnerability in several Huawei products. The system does not sufficiently validate certain configuration parameter which is passed from user that would cause buffer overflow. The attacker should trick the user into installing and running a malicious application with a...

7.9AI score0.00794EPSS
Exploits0References1
OSV
OSV
added 2020/12/02 6:28 p.m.20 views

GHSA-47QG-Q58V-7VRP UNEDITABLE_SCHEMAS and UNEDITABLE_TABLE_DESCRIPTION_MATCH_RULES not respected by frontend service backend

Impact Any install that has UNEDITABLESCHEMAS and/or UNEDITABLETABLEDESCRIPTIONMATCHRULES set in the front-end, is being impacted. The value of these properties is ignored if set, allowing any user to modify table and column descriptions, even though the properties imply they shouldn't be. Patche...

7.1AI score
Exploits0References2
RedhatCVE
RedhatCVE
added 2020/03/08 1:43 p.m.37 views

CVE-2017-16996

An arbitrary memory r/w access issue was found in the Linux kernel compiled with the eBPF bpf2 system call CONFIGBPFSYSCALL support. The issue could occur due to calculation errors in the eBPF verifier module, triggered by user supplied malicious BPF program. An unprivileged user could use this...

7.8CVSS2.4AI score0.00397EPSS
Exploits1References1
OSV
OSV
added 2020/02/28 12:20 p.m.6 views

SUSE-SU-2020:0540-1 Security Beta update for Salt

This update fixes the following issues: salt: - Fix 'osfamily' grain for Astra Linux Common Edition - Update to Salt version 2019.2.3 CVE-2019-17361 bsc1163981 See release notes: https://docs.saltstack.com/en/latest/topics/releases/2019.2.3.html - Enable passing grains to start event based on...

9.8CVSS9.5AI score0.15106EPSS
Exploits0References3
OSV
OSV
added 2020/02/26 4:15 p.m.7 views

CVE-2020-8951

Fiserv Accurate Reconciliation 2.19.0, fixed in 3.0.0 or higher, allows XSS via the Source or Destination field of the Configuration Manager Configuration Parameter Translation page...

5.4CVSS6.1AI score0.00637EPSS
Exploits1References1
CVE
CVE
added 2020/02/26 3:28 p.m.52 views

CVE-2020-8951

CVE-2020-8951 affects Fiserv Accurate Reconciliation 2.19.0, where a vulnerability exists in the Configuration Manager’s Source/Destination (Configuration Parameter Translation) fields that can be manipulated to perform cross‑site scripting (XSS). The issue is fixed in version 3.0.0 or higher. Th...

5.4CVSS5.2AI score0.00637EPSS
Exploits1References1Affected Software1
Veracode
Veracode
added 2020/01/17 6:19 a.m.26 views

Information Disclosure

An attacker is able to obtain the private keys from a JWK keystore file by setting the configuration parameter rs.security.keystore.type to jwk...

7.5CVSS1.4AI score0.0606EPSS
Exploits0References16Affected Software82
Rows per page
Query Builder