229 matches found
redis: Code injection via Lua script execution environment
A flaw was found in the Redis database where Lua scripts can be manipulated to overcome ACL rules. This flaw allows an attacker with access to Redis to inject Lua code that executes the potentially higher privileges of another Redis user...
redis: Malformed Lua script can crash Redis
A flaw was found in the Redis database when a malformed Lua script can cause a NULL pointer dereference. This flaw allows an attacker to load a crafting script, which results in a crash of the redis-server process...
httpd: mod_lua: DoS in r:parsebody
A flaw was found in the modlua module of httpd. A malicious request to a Lua script that calls parsebody0 can lead to a denial of service due to no default limit on the possible input size...
redis security and bug fix update
An update is available for redis. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Redis is an advanced key-value store. It is often referred to as a data-structu...
RLSA-2022:8096 Low: redis security and bug fix update
Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an in-memory data set. You can persist it either by dumping the data set to disk every once in a while, ...
Low: redis security and bug fix update
Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an in-memory data set. You can persist it either by dumping the data set to disk every once in a while, ...
ALSA-2022:8096 Low: redis security and bug fix update
Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an in-memory data set. You can persist it either by dumping the data set to disk every once in a while, ...
RHEL 9 : redis (RHSA-2022:8096)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:8096 advisory. Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets...
AlmaLinux 8 : redis:6 (ALSA-2022:7541)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:7541 advisory. redis: Code injection via Lua script execution environment CVE-2022-24735 redis: Malformed Lua script can crash Redis CVE-2022-24736 Tenable has extracted...
CentOS 8 : redis:6 (CESA-2022:7541)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2022:7541 advisory. - redis: Code injection via Lua script execution environment CVE-2022-24735 - redis: Malformed Lua script can crash Redis CVE-2022-24736 Note that Ness...
redis: Malformed Lua script can crash Redis
A flaw was found in the Redis database when a malformed Lua script can cause a NULL pointer dereference. This flaw allows an attacker to load a crafting script, which results in a crash of the redis-server process...
RLSA-2022:7541 Low: redis:6 security, bug fix, and enhancement update
Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an in-memory data set. You can persist it either by dumping the data set to disk every once in a while, ...
redis:6 security, bug fix, and enhancement update
An update is available for redis. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Redis is an advanced key-value store. It is often referred to as a data-structu...
ALSA-2022:7541 Low: redis:6 security, bug fix, and enhancement update
Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an in-memory data set. You can persist it either by dumping the data set to disk every once in a while, ...
Low: redis:6 security, bug fix, and enhancement update
Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an in-memory data set. You can persist it either by dumping the data set to disk every once in a while, ...
RHEL 8 : redis:6 (RHSA-2022:7541)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:7541 advisory. Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets...
Amazon Linux 2022 : redis6, redis6-devel (ALAS2022-2022-199)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-199 advisory. A flaw was found in the Redis database where Lua scripts can be manipulated to overcome ACL rules. This flaw allows an attacker with access to Redis to inject Lua code that executes the...
EulerOS 2.0 SP3 : httpd (EulerOS-SA-2022-2614)
According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Inconsistent Interpretation of HTTP Requests 'HTTP Request Smuggling' vulnerability in modproxyajp of Apache HTTP Server allows an attacker to...
EulerOS Virtualization 3.0.6.6 : httpd (EulerOS-SA-2022-2506)
According to the versions of the httpd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A carefully crafted request body can cause a buffer overflow in the modlua multipart parser r:parsebody called from Lua scripts. T...
GLSA-202209-17 : Redis: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202209-17 Redis: Multiple Vulnerabilities - Redis is an open source, in-memory database that persists on disk. In affected versions specially crafted Lua scripts executing in Redis can cause the heap-based Lua stack to be...