43 matches found
Astra Linux - уязвимость в redis
Redis is an open-source, in-memory database that persists data on disk. The redis-cli command-line tool and the redis-sentinel service may be vulnerable to integer overflow when parsing specially crafted large multi-bulk network replies. This issue arises due to a vulnerability in the hiredis...
EUVD-2019-19104
Malware in sbrugna...
EUVD-2025-14851
Malicious code in bioql PyPI...
MAL-2025-43545 Malicious code in auth0-chalk-redis-command (npm)
The package auth0-chalk-redis-command was found to contain malicious code...
CVE-2025-26268
DragonflyDB Dragonfly before 1.27.0 allows authenticated users to cause a denial of service daemon crash via a crafted Redis command. The validity of the scan cursor was not checked...
CVE-2025-26268
DragonflyDB Dragonfly before 1.27.0 allows authenticated users to cause a denial of service daemon crash via a crafted Redis command. The validity of the scan cursor was not checked...
CVE-2025-26268
DragonflyDB pre-1.27.0 is affected. Authenticated users can trigger a denial of service (daemon crash) by sending a crafted Redis command, caused by the scan cursor validity check being missing. Affected: DragonflyDB Dragonfly versions prior to 1.27.0. Remediation: upgrade to 1.27.0 or later (or ...
CVE-2025-26268
DragonflyDB Dragonfly before 1.27.0 allows authenticated users to cause a denial of service daemon crash via a crafted Redis command. The validity of the scan cursor was not checked...
PT-2025-17214 · Redis +1 · Redis +1
Name of the Vulnerable Software and Affected Versions: DragonflyDB Dragonfly versions prior to 1.27.0 Description: The issue allows authenticated users to cause a denial of service, resulting in a daemon crash, by sending a crafted Redis command. The problem stems from the lack of validation of t...
CVE-2025-26268
DragonflyDB Dragonfly before 1.27.0 allows authenticated users to cause a denial of service daemon crash via a crafted Redis command. The validity of the scan cursor was not checked...
An issue was discovered in net/http in Go 1.11.5. CRLF injection is possible if the attacker controls a url parameter as demonstrated by the second argument to http.NewRequest with \r\n followed by an HTTP header or a Redis command.
...
CVE-2023-28858
CVE-2023-28858 affects the Python Redis client, redis-py, for versions before 4.5.3. The issue is a connection that may remain open after canceling an async Redis command at an inopportune time, which can lead to leakage of response data to the client of an unrelated request in an off-by-one mann...
SUSE CVE-2019-9740
An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n specifically in the query string after a ? charact...
SUSE CVE-2019-9947
An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n specifically in the path component of a URL that...
SUSE CVE-2021-32762
Redis is an open source, in-memory database that persists on disk. The redis-cli command line tool and redis-sentinel service may be vulnerable to integer overflow when parsing specially crafted large multi-bulk network replies. This is a result of a vulnerability in the underlying hiredis librar...
DEBIAN-CVE-2021-32762
Redis is an open source, in-memory database that persists on disk. The redis-cli command line tool and redis-sentinel service may be vulnerable to integer overflow when parsing specially crafted large multi-bulk network replies. This is a result of a vulnerability in the underlying hiredis librar...
ALPINE-CVE-2021-32762
Redis is an open source, in-memory database that persists on disk. The redis-cli command line tool and redis-sentinel service may be vulnerable to integer overflow when parsing specially crafted large multi-bulk network replies. This is a result of a vulnerability in the underlying hiredis librar...
AZL-61842 CVE-2021-32762 affecting package pcp 6.3.2-1
Redis is an open source, in-memory database that persists on disk. The redis-cli command line tool and redis-sentinel service may be vulnerable to integer overflow when parsing specially crafted large multi-bulk network replies. This is a result of a vulnerability in the underlying hiredis librar...
python: CRLF injection via the path part of the url passed to urlopen()
An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n specifically in the path component of a URL that...
CVE-2019-9947
An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n specifically in the path component of a URL that...