114 matches found
OESA-2024-1435 pcp security update
PCP provides a range of services that may be used to monitor and manage system performance. These services are distributed and scalable to accommodate the most complex system configurations and performance problems. Security Fixes: A flaw was found in PCP. The default pmproxy configuration expose...
CVE-2024-3019
A flaw was found in PCP. The default pmproxy configuration exposes the Redis server backend to the local network, allowing remote command execution with the privileges of the Redis user. This issue can only be exploited when pmproxy is running. By default, pmproxy is not running and needs to be...
CVE-2024-3019
A flaw was found in PCP. The default pmproxy configuration exposes the Redis server backend to the local network, allowing remote command execution with the privileges of the Redis user. This issue can only be exploited when pmproxy is running. By default, pmproxy is not running and needs to be...
CVE-2024-3019 Pcp: exposure of the redis server backend allows remote command execution via pmproxy
A flaw was found in PCP. The default pmproxy configuration exposes the Redis server backend to the local network, allowing remote command execution with the privileges of the Redis user. This issue can only be exploited when pmproxy is running. By default, pmproxy is not running and needs to be...
CVE-2024-3019
CVE-2024-3019 : In PCP, the default pmproxy configuration exposes the Redis server backend to the local network, allowing remote command execution with Redis user privileges. Exploitation is possible only if pmproxy is running (default is not started). Affected versions: PCP 4.3.4 and newer. Evid...
CVE-2024-3019
A flaw was found in PCP. The default pmproxy configuration exposes the Redis server backend to the local network, allowing remote command execution with the privileges of the Redis user. This issue can only be exploited when pmproxy is running. By default, pmproxy is not running and needs to be...
CVE-2023-47004
An out-of-bounds write flaw was found in RedisGraph, a module for the Redis server, due to improper code logic after a valid authentication. This issue may lead to arbitrary code execution...
Race Condition
libredis.so is vulnerable to Race Condition. The vulnerability allows an attacker to gain unauthorized access to a Redis server by exploiting a race condition that occurs when the server is starting up. The attacker could exploit this vulnerability by sending a specially crafted request to a...
CVE-2023-43119
An Access Control issue discovered in Extreme Networks Switch Engine EXOS before 32.5.1.5, also fixed in 22.7, 31.7.2 allows attackers to gain escalated privileges using crafted telnet commands via Redis server...
CVE-2023-43119
An Access Control issue discovered in Extreme Networks Switch Engine EXOS before 32.5.1.5, also fixed in 22.7, 31.7.2 allows attackers to gain escalated privileges using crafted telnet commands via Redis server...
CVE-2023-43119
An Access Control issue discovered in Extreme Networks Switch Engine EXOS before 32.5.1.5, also fixed in 22.7, 31.7.2 allows attackers to gain escalated privileges using crafted telnet commands via Redis server...
Design/Logic Flaw
An Access Control issue discovered in Extreme Networks Switch Engine EXOS before 32.5.1.5, also fixed in 22.7, 31.7.2 allows attackers to gain escalated privileges using crafted telnet commands via Redis server...
Extreme Networks Switch Engine Security Vulnerability
Extreme Networks Switch Engine EXOS is a switch engine from Extreme Networks. A security vulnerability exists in Extreme Networks Switch Engine versions prior to 32.5.1.5, which stems from an Access Control Error vulnerability. An attacker could exploit the vulnerability to gain escalation...
CVE-2023-43119
An Access Control issue discovered in Extreme Networks Switch Engine EXOS before 32.5.1.5, also fixed in 22.7, 31.7.2 allows attackers to gain escalated privileges using crafted telnet commands via Redis server...
CVE-2023-43119
An Access Control issue discovered in Extreme Networks Switch Engine EXOS before 32.5.1.5, also fixed in 22.7, 31.7.2 allows attackers to gain escalated privileges using crafted telnet commands via Redis server...
CVE-2023-43119
CVE-2023-43119 concerns Extreme Networks Switch Engine (EXOS) prior to 32.5.1.5, where an Access Control issue permits attackers to escalate privileges through crafted telnet commands via the Redis server. The vulnerability has been fixed in EXOS versions 22.7, 31.7.2, and 32.5.1.5 or later. Affe...
`HINCRBYFLOAT` can be used to crash a redis-server process
...
Denial Of Service (DoS)
redis is vulnerable to Denial of Service DoS attacks. Authenticated users can trigger an integer overflow, resulting in runtime assertion and termination of the Redis server process using specially crafted commands such as SRANDMEMBER, ZRANDMEMBER, and HRANDFIELD...
SUSE CVE-2018-12453
Type confusion in the xgroupCommand function in tstream.c in redis-server in Redis before 5.0 allows remote attackers to cause denial-of-service via an XGROUP command in which the key is not a stream...
redis: Malformed Lua script can crash Redis
A flaw was found in the Redis database when a malformed Lua script can cause a NULL pointer dereference. This flaw allows an attacker to load a crafting script, which results in a crash of the redis-server process...