CVE-2022-35951
Redis is an in-memory database that persists on disk. Versions 7.0.0 and above, prior to 7.0.5, are vulnerable to an integer overflow. Executing an XAUTOCLAIM command on a stream key in a specific state, with a specially crafted COUNT argument, may cause an integer overflow, a subsequent heap...
CVE-2022-35951
Redis 7.0.0–7.0.4 are vulnerable to an integer overflow in the XAUTOCLAIM handling on a stream key with a crafted COUNT, which can cause a heap overflow and potentially remote code execution. The issue is fixed in Redis 7.0.5; upgrades to 7.0.5 or later are recommended. Affected versions and the ...
[SECURITY] Fedora 36 Update: golang-github-hashicorp-memdb-1.3.0-6.fc36
The Memdb package implements a simple in-memory database built on immutable radix trees. The database provides Atomicity, Consistency and Isolation from ACID. Being that it is in-memory, it does not provide durability. The database is instantiated with a schema that specifies the tables and indic...
CVE-2022-31144
Redis is an in-memory database that persists on disk. A specially crafted XAUTOCLAIM command on a stream key in a specific state may result in a heap overflow, and potentially remote code execution. This problem affects versions on the 7.x branch prior to 7.0.4. The patch is released in version...
CVE-2022-31144 Potential heap overflow in Redis
Redis is an in-memory database that persists on disk. A specially crafted XAUTOCLAIM command on a stream key in a specific state may result in a heap overflow, and potentially remote code execution. This problem affects versions on the 7.x branch prior to 7.0.4. The patch is released in version...
CVE-2022-31144
Summary: CVE-2022-31144 is a Redis heap overflow issue triggered by a crafted XAUTOCLAIM on a stream key in certain states. Affects Redis 7.x before 7.0.4. The fix is included in Redis 7.0.4. Several connected sources (Astra Linux, Alpine Linux, Debian, Gentoo GLSA, etc.) reference the same vulne...
[SECURITY] Fedora 35 Update: golang-github-hashicorp-memdb-1.3.0-5.fc35
The Memdb package implements a simple in-memory database built on immutable radix trees. The database provides Atomicity, Consistency and Isolation from ACID. Being that it is in-memory, it does not provide durability. The database is instantiated with a schema that specifies the tables and indic...
[SECURITY] Fedora 36 Update: golang-github-hashicorp-memdb-1.3.0-5.fc36
The Memdb package implements a simple in-memory database built on immutable radix trees. The database provides Atomicity, Consistency and Isolation from ACID. Being that it is in-memory, it does not provide durability. The database is instantiated with a schema that specifies the tables and indic...
CVE-2022-20821 Cisco IOS XR Software Health Check Open Port Vulnerability
A vulnerability in the health check RPM of Cisco IOS XR Software could allow an unauthenticated, remote attacker to access the Redis instance that is running within the NOSi container. This vulnerability exists because the health check RPM opens TCP port 6379 by default upon activation. An attack...
Cisco IOS XR Software Health Check Open Port Vulnerability
A vulnerability in the health check RPM of Cisco IOS XR Software could allow an unauthenticated, remote attacker to access the Redis instance that is running within the NOSi container. This vulnerability exists because the health check RPM opens TCP port 6379 by default upon activation. An attack...
CVE-2022-20821
A vulnerability in the health check RPM of Cisco IOS XR Software could allow an unauthenticated, remote attacker to access the Redis instance that is running within the NOSi container. This vulnerability exists because the health check RPM opens TCP port 6379 by default upon activation. An attack...
CVE-2022-24736
Redis is an in-memory database that persists on disk. Prior to versions 6.2.7 and 7.0.0, an attacker attempting to load a specially crafted Lua script can cause a NULL pointer dereference, which will result in a crash of the redis-server process. The problem is fixed in Redis versions 7.0.0 and...
CVE-2022-24736
CVE-2022-24736 affects Redis versions prior to 6.2.7 and 7.0.0. A crafted Lua script can trigger a NULL pointer dereference, crashing the redis-server process. The issue is fixed in Redis 7.0.0 and 6.2.7. A partial mitigation is to block SCRIPT LOAD and EVAL via ACL rules if Lua scripting isn’t used...
CVE-2022-24736
Redis is an in-memory database that persists on disk. Prior to versions 6.2.7 and 7.0.0, an attacker attempting to load a specially crafted Lua script can cause a NULL pointer dereference, which will result in a crash of the redis-server process. The problem is fixed in Redis versions 7.0.0 and...
H2 Database Console Remote Code Execution
Document Title: Unauthenticated RCE vuln in the H2 Database console: CVE-2022-23221. Product Description: The H2 Console Application. The Console lets you access a SQL database using a browser interface. Homepage: http://www.h2database.com/html/quickstart.html Affecte...
openSUSE 15 Security Update : redis (openSUSE-SU-2021:3772-1)
The remote SUSE Linux SUSE15 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:3772-1 advisory. - Redis is an open source, in-memory database that persists on disk. In affected versions specially crafted Lua scripts executing in Redis...
CVE-2021-32626
Redis is an open source, in-memory database that persists on disk. In affected versions, specially crafted Lua scripts executing in Redis can cause the heap-based Lua stack to be overflowed, due to incomplete checks for this condition. This can result in heap corruption and potentially remote co...
CVE-2021-32672
Redis is an open source, in-memory database that persists on disk. When using the Redis Lua Debugger, users can send malformed requests that cause the debugger’s protocol parser to read data beyond the actual buffer. This issue affects all versions of Redis with Lua debugging support 3.2 or newer...
CVE-2021-32675
CVE-2021-32675 affects Redis and is triggered by parsing Redis Standard Protocol (RESP) requests. An attacker can craft requests to cause Redis to allocate large amounts of memory across multiple connections, potentially impacting availability. The issue is tied to the RESP parsing path and authe...
CVE-2021-32672
Redis contains CVE-2021-32672, a vulnerability in the Redis Lua Debugger where the protocol parser can read data beyond the actual buffer when handling malformed requests. This affects Redis builds that include Lua debugging support (3.2+). The issue is mitigated by upgrading to patched releases:...