Lucene search
K

132 matches found

Tenable Nessus
Tenable Nessus
added 2024/07/24 12:0 a.m.23 views

Photon OS 3.0: Redis PHSA-2023-3.0-0549

An update of the redis package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2023-3.0-0549. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

6.5CVSS7.7AI score0.59706EPSS
Exploits0References3
OSV
OSV
added 2023/11/06 12:52 p.m.7 views

SUSE-SU-2023:4376-1 Security update for redis

This update for redis fixes the following issues: - CVE-2023-45145: Fixed a potential permission bypass due to a race condition during UNIX socket creation bsc1216376...

3.6CVSS5.3AI score0.00444EPSS
Exploits0References3
OSV
OSV
added 2023/08/23 6:8 p.m.11 views

SUSE-SU-2023:3407-1 Security update for redis

This update for redis fixes the following issues: - CVE-2023-28856: Fixed possible DoS when using HINCRBYFLOAT to create an hash field. bsc1210548 - CVE-2022-24834: Fixed a heap overflow in the cjson and cmsgpack libraries. bsc1213193...

8.8CVSS7.6AI score0.41409EPSS
Exploits1References5
OSV
OSV
added 2023/05/19 11:5 a.m.3 views

OESA-2023-1289 redis security update

Redis is an advanced key-value store. It is often referred to as a dattructure server since keys can contain strings, hashes ,lists, sets anorted sets. Security Fixes: Redis is an open source, in-memory database that persists on disk. Authenticated users can use the HINCRBYFLOAT command to create...

6.5CVSS8.9AI score0.00963EPSS
Exploits0References2
OSV
OSV
added 2023/05/08 9:29 a.m.9 views

SUSE-SU-2023:2122-1 Security update for redis

This update for redis fixes the following issues: - CVE-2022-36021: Fixed possible integer overflow via specially crafted SRANDMEMBER, ZRANDMEMBER, and HRANDFIELD commands bsc1208790. - CVE-2023-28856: Fixed possible DoS when using HINCRBYFLOAT to create an hash field bsc1210548. - CVE-2023-25155...

6.5CVSS6.5AI score0.59706EPSS
Exploits0References7
OpenVAS
OpenVAS
added 2023/04/28 12:0 a.m.25 views

Fedora: Security Advisory for redis (FEDORA-2023-e4e3393396)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.5CVSS6.8AI score0.00963EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/04/18 8:50 p.m.3 views

CVE-2023-28856 `HINCRBYFLOAT` can be used to crash a redis-server process

Redis is an open source, in-memory database that persists on disk. Authenticated users can use the HINCRBYFLOAT command to create an invalid hash field that will crash Redis on access in affected versions. This issue has been addressed in in versions 7.0.11, 6.2.12, and 6.0.19. Users are advised ...

5.5CVSS6.5AI score0.00963EPSS
Exploits0References8
FreeBSD
FreeBSD
added 2023/03/26 12:0 a.m.29 views

py39-redis -- can send response data to the client of an unrelated request

drago-balto reports: redis-py before 4.5.3, as used in ChatGPT and other products, leaves a connection open after canceling an async Redis command at an inopportune time in the case of a pipeline operation, and can send response data to the client of an unrelated request in an off-by-one manner...

6.5CVSS6.2AI score0.01034EPSS
Exploits0References1
OSV
OSV
added 2023/03/10 8:39 a.m.10 views

SUSE-SU-2023:0694-1 Security update for redis

This update for redis fixes the following issues: - CVE-2022-36021: Fixed integer overflow in RANDMEMBER, ZRANDMEMBER, and HRANDFIELD commands bsc1208790. - CVE-2023-25155: Fixed integer Overflow in RAND commands can lead to assertion bsc1208793. The following non-security bug was fixed: - Fixed...

6.5CVSS6.4AI score0.59706EPSS
Exploits0References6
OSV
OSV
added 2023/03/10 7:17 a.m.8 views

SUSE-SU-2023:0693-1 Security update for redis

This update for redis fixes the following issues: - CVE-2022-36021: Fixed integer overflow in RANDMEMBER, ZRANDMEMBER, and HRANDFIELD commands bsc1208790. - CVE-2023-25155: Fixed integer Overflow in RAND commands can lead to assertion bsc1208793...

6.5CVSS6.4AI score0.59706EPSS
Exploits0References5
OSV
OSV
added 2023/02/07 9:39 a.m.6 views

SUSE-SU-2023:0295-1 Security update for redis

This update for redis fixes the following issues: - CVE-2022-35977: Fixed an integer overflow that could allow authenticated users to cause a crash bsc1207202. - CVE-2023-22458: Fixed a missing check that could allow authenticated users to cause a crash bsc1207203...

5.5CVSS5.7AI score0.69355EPSS
Exploits0References6
OSV
OSV
added 2023/02/06 4:17 p.m.8 views

SUSE-SU-2023:0274-1 Security update for redis

This update for redis fixes the following issues: - CVE-2022-35977: Fixed an integer overflow that could allow authenticated users to cause a crash bsc1207202...

5.5CVSS5.7AI score0.33269EPSS
Exploits0References3
Oracle linux
Oracle linux
added 2022/11/22 12:0 a.m.43 views

redis security and bug fix update

6.2.7-1 - rebase to 6.2.7 2083151...

7.8CVSS1AI score0.02264EPSS
Exploits2
OSV
OSV
added 2022/11/08 6:22 a.m.25 views

RLSA-2022:7541 Low: redis:6 security, bug fix, and enhancement update

Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an in-memory data set. You can persist it either by dumping the data set to disk every once in a while, ...

3.9CVSS7.1AI score0.02264EPSS
Exploits2References4
OSV
OSV
added 2022/09/21 6:15 p.m.9 views

MGASA-2022-0339 Updated redis packages fix security vulnerability

Redis is an in-memory database that persists on disk. By exploiting weaknesses in the Lua script execution environment, an attacker with access to Redis prior to version 7.0.0 or 6.2.7 can inject Lua code that will execute with the potentially higher privileges of another Redis user. The Lua scri...

7.8CVSS6.7AI score0.02264EPSS
Exploits2References6
OSV
OSV
added 2022/08/26 11:4 a.m.8 views

OESA-2022-1866 redis6 security update

Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing se...

5.3CVSS6.9AI score0.01702EPSS
Exploits0References2
OSV
OSV
added 2022/06/02 3:34 p.m.8 views

SUSE-SU-2022:1929-1 Security update for redis

This update for redis fixes the following issues: - CVE-2022-24735: Fixed Lua code injection bsc1198952. - CVE-2022-24736: Fixed Lua NULL pointer dereference bsc1198953...

7.8CVSS6.6AI score0.02264EPSS
Exploits2References5
OSV
OSV
added 2022/05/25 12:35 p.m.8 views

SUSE-SU-2022:1842-1 Security update for redis

This update for redis fixes the following issues: - CVE-2022-24735: Fixed Lua code injection bsc1198952. - CVE-2022-24736: Fixed Lua NULL pointer dereference bsc1198953...

7.8CVSS6.6AI score0.02264EPSS
Exploits2References5
Github Security Blog
Github Security Blog
added 2022/05/14 3:31 a.m.26 views

yii2-redis Potential Remote code execution

Potential remote code execution in LUA context of the redis server via methods yii\redis\ActiveRecord::findOne and yii\redis\ActiveRecord::findAll in yiisoft/yii2-redis. Attackers could probably manipulate data on the redis server...

9.8CVSS8.1AI score0.01588EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2021/11/23 2:48 p.m.7 views

SUSE-SU-2021:3772-1 Security update for redis

This update for redis fixes the following issues: - CVE-2021-32627: Fixed integer to heap buffer overflows with streams bsc1191305. - CVE-2021-32628: Fixed integer to heap buffer overflows handling ziplist-encoded data types bsc1191305. - CVE-2021-32687: Fixed integer to heap buffer overflow with...

9CVSS6.8AI score0.1578EPSS
Exploits0References16
Rows per page
Query Builder