34 matches found
Linux Distros Unpatched Vulnerability : CVE-2022-24735
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Redis is an in-memory database that persists on disk. By exploiting weaknesses in the Lua script execution environment, an attacker with access to Redis prior t...
RHEL 8 : redis (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - redis: Redis SORTRO may bypass ACL configuration CVE-2023-41053 Note that Nessus has not tested for this issue but...
Amazon Linux 2 : redis (ALASREDIS6-2023-003)
The version of redis installed on the remote host is prior to 6.2.7-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2REDIS6-2023-003 advisory. A flaw was found in the Redis database where Lua scripts can be manipulated to overcome ACL rules. This flaw allows an...
CBL Mariner 2.0 Security Update: redis (CVE-2022-24735)
The version of redis installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-24735 advisory. - Redis is an in-memory database that persists on disk. By exploiting weaknesses in the Lua script execution...
SUSE CVE-2022-24735
Redis is an in-memory database that persists on disk. By exploiting weaknesses in the Lua script execution environment, an attacker with access to Redis prior to version 7.0.0 or 6.2.7 can inject Lua code that will execute with the potentially higher privileges of another Redis user. The Lua scri...
Rocky Linux 9 : redis (RLSA-2022:8096)
The remote Rocky Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:8096 advisory. - Redis is an in-memory database that persists on disk. By exploiting weaknesses in the Lua script execution environment, an attacker with access to Redis prior ...
Rocky Linux 8 : redis:6 (RLSA-2022:7541)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:7541 advisory. - Redis is an in-memory database that persists on disk. By exploiting weaknesses in the Lua script execution environment, an attacker with access to Redis prior ...
Oracle Linux 9 : redis (ELSA-2022-8096)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-8096 advisory. 6.2.7-1 - rebase to 6.2.7 2083151 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that...
AlmaLinux 9 : redis (ALSA-2022:8096)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:8096 advisory. - Redis is an in-memory database that persists on disk. By exploiting weaknesses in the Lua script execution environment, an attacker with access to Redis...
Oracle Linux 8 : redis:6 (ELSA-2022-7541)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-7541 advisory. 6.2.7-1 - rebase to 6.2.7 1999873 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that...
RLSA-2022:8096 Low: redis security and bug fix update
Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an in-memory data set. You can persist it either by dumping the data set to disk every once in a while, ...
redis security and bug fix update
An update is available for redis. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Redis is an advanced key-value store. It is often referred to as a data-structu...
AlmaLinux 8 : redis:6 (ALSA-2022:7541)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:7541 advisory. redis: Code injection via Lua script execution environment CVE-2022-24735 redis: Malformed Lua script can crash Redis CVE-2022-24736 Tenable has extracted...
CentOS 8 : redis:6 (CESA-2022:7541)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2022:7541 advisory. - redis: Code injection via Lua script execution environment CVE-2022-24735 - redis: Malformed Lua script can crash Redis CVE-2022-24736 Note that Ness...
Low: Red Hat Security Advisory: redis:6 security, bug fix, and enhancement update
An update for the redis:6 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...
ALSA-2022:7541 Low: redis:6 security, bug fix, and enhancement update
Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an in-memory data set. You can persist it either by dumping the data set to disk every once in a while, ...
RHEL 8 : redis:6 (RHSA-2022:7541)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:7541 advisory. Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets...
Low: redis:6 security, bug fix, and enhancement update
Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an in-memory data set. You can persist it either by dumping the data set to disk every once in a while, ...
Amazon Linux 2022 : redis6, redis6-devel (ALAS2022-2022-199)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-199 advisory. A flaw was found in the Redis database where Lua scripts can be manipulated to overcome ACL rules. This flaw allows an attacker with access to Redis to inject Lua code that executes the...
Security Bulletin: Vulnerabilities in Redis affect IBM Event Streams (CVE-2022-24736, CVE-2022-24735)
Summary There are a number of vulnerabilities in Redis that is used by IBM Event Streams. Vulnerability Details CVEID:CVE-2022-24736 DESCRIPTION: Redis is vulnerable to a denial of service, caused by a NULL pointer dereference. By loading a specially crafted Lua script, a local authenticated...