132 matches found
Photon OS 3.0: Redis PHSA-2023-3.0-0549
An update of the redis package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2023-3.0-0549. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...
SUSE-SU-2023:4376-1 Security update for redis
This update for redis fixes the following issues: - CVE-2023-45145: Fixed a potential permission bypass due to a race condition during UNIX socket creation bsc1216376...
SUSE-SU-2023:3407-1 Security update for redis
This update for redis fixes the following issues: - CVE-2023-28856: Fixed possible DoS when using HINCRBYFLOAT to create an hash field. bsc1210548 - CVE-2022-24834: Fixed a heap overflow in the cjson and cmsgpack libraries. bsc1213193...
OESA-2023-1289 redis security update
Redis is an advanced key-value store. It is often referred to as a dattructure server since keys can contain strings, hashes ,lists, sets anorted sets. Security Fixes: Redis is an open source, in-memory database that persists on disk. Authenticated users can use the HINCRBYFLOAT command to create...
SUSE-SU-2023:2122-1 Security update for redis
This update for redis fixes the following issues: - CVE-2022-36021: Fixed possible integer overflow via specially crafted SRANDMEMBER, ZRANDMEMBER, and HRANDFIELD commands bsc1208790. - CVE-2023-28856: Fixed possible DoS when using HINCRBYFLOAT to create an hash field bsc1210548. - CVE-2023-25155...
Fedora: Security Advisory for redis (FEDORA-2023-e4e3393396)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2023-28856 `HINCRBYFLOAT` can be used to crash a redis-server process
Redis is an open source, in-memory database that persists on disk. Authenticated users can use the HINCRBYFLOAT command to create an invalid hash field that will crash Redis on access in affected versions. This issue has been addressed in in versions 7.0.11, 6.2.12, and 6.0.19. Users are advised ...
py39-redis -- can send response data to the client of an unrelated request
drago-balto reports: redis-py before 4.5.3, as used in ChatGPT and other products, leaves a connection open after canceling an async Redis command at an inopportune time in the case of a pipeline operation, and can send response data to the client of an unrelated request in an off-by-one manner...
SUSE-SU-2023:0694-1 Security update for redis
This update for redis fixes the following issues: - CVE-2022-36021: Fixed integer overflow in RANDMEMBER, ZRANDMEMBER, and HRANDFIELD commands bsc1208790. - CVE-2023-25155: Fixed integer Overflow in RAND commands can lead to assertion bsc1208793. The following non-security bug was fixed: - Fixed...
SUSE-SU-2023:0693-1 Security update for redis
This update for redis fixes the following issues: - CVE-2022-36021: Fixed integer overflow in RANDMEMBER, ZRANDMEMBER, and HRANDFIELD commands bsc1208790. - CVE-2023-25155: Fixed integer Overflow in RAND commands can lead to assertion bsc1208793...
SUSE-SU-2023:0295-1 Security update for redis
This update for redis fixes the following issues: - CVE-2022-35977: Fixed an integer overflow that could allow authenticated users to cause a crash bsc1207202. - CVE-2023-22458: Fixed a missing check that could allow authenticated users to cause a crash bsc1207203...
SUSE-SU-2023:0274-1 Security update for redis
This update for redis fixes the following issues: - CVE-2022-35977: Fixed an integer overflow that could allow authenticated users to cause a crash bsc1207202...
redis security and bug fix update
6.2.7-1 - rebase to 6.2.7 2083151...
RLSA-2022:7541 Low: redis:6 security, bug fix, and enhancement update
Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an in-memory data set. You can persist it either by dumping the data set to disk every once in a while, ...
MGASA-2022-0339 Updated redis packages fix security vulnerability
Redis is an in-memory database that persists on disk. By exploiting weaknesses in the Lua script execution environment, an attacker with access to Redis prior to version 7.0.0 or 6.2.7 can inject Lua code that will execute with the potentially higher privileges of another Redis user. The Lua scri...
OESA-2022-1866 redis6 security update
Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing se...
SUSE-SU-2022:1929-1 Security update for redis
This update for redis fixes the following issues: - CVE-2022-24735: Fixed Lua code injection bsc1198952. - CVE-2022-24736: Fixed Lua NULL pointer dereference bsc1198953...
SUSE-SU-2022:1842-1 Security update for redis
This update for redis fixes the following issues: - CVE-2022-24735: Fixed Lua code injection bsc1198952. - CVE-2022-24736: Fixed Lua NULL pointer dereference bsc1198953...
yii2-redis Potential Remote code execution
Potential remote code execution in LUA context of the redis server via methods yii\redis\ActiveRecord::findOne and yii\redis\ActiveRecord::findAll in yiisoft/yii2-redis. Attackers could probably manipulate data on the redis server...
SUSE-SU-2021:3772-1 Security update for redis
This update for redis fixes the following issues: - CVE-2021-32627: Fixed integer to heap buffer overflows with streams bsc1191305. - CVE-2021-32628: Fixed integer to heap buffer overflows handling ziplist-encoded data types bsc1191305. - CVE-2021-32687: Fixed integer to heap buffer overflow with...