Lucene search
K

114 matches found

OSV
OSV
added 2024/04/12 11:7 a.m.4 views

OESA-2024-1435 pcp security update

PCP provides a range of services that may be used to monitor and manage system performance. These services are distributed and scalable to accommodate the most complex system configurations and performance problems. Security Fixes: A flaw was found in PCP. The default pmproxy configuration expose...

8.8CVSS6.8AI score0.01002EPSS
Exploits0References2
NVD
NVD
added 2024/03/28 7:15 p.m.20 views

CVE-2024-3019

A flaw was found in PCP. The default pmproxy configuration exposes the Redis server backend to the local network, allowing remote command execution with the privileges of the Redis user. This issue can only be exploited when pmproxy is running. By default, pmproxy is not running and needs to be...

8.8CVSS8.5AI score0.01002EPSS
Exploits0References10
OSV
OSV
added 2024/03/28 7:15 p.m.8 views

CVE-2024-3019

A flaw was found in PCP. The default pmproxy configuration exposes the Redis server backend to the local network, allowing remote command execution with the privileges of the Redis user. This issue can only be exploited when pmproxy is running. By default, pmproxy is not running and needs to be...

8.8CVSS8.6AI score0.01002EPSS
Exploits0References10
Cvelist
Cvelist
added 2024/03/28 6:32 p.m.24 views

CVE-2024-3019 Pcp: exposure of the redis server backend allows remote command execution via pmproxy

A flaw was found in PCP. The default pmproxy configuration exposes the Redis server backend to the local network, allowing remote command execution with the privileges of the Redis user. This issue can only be exploited when pmproxy is running. By default, pmproxy is not running and needs to be...

8.8CVSS8.7AI score0.01002EPSS
Exploits0References10
CVE
CVE
added 2024/03/28 6:32 p.m.227 views

CVE-2024-3019

CVE-2024-3019 : In PCP, the default pmproxy configuration exposes the Redis server backend to the local network, allowing remote command execution with Redis user privileges. Exploitation is possible only if pmproxy is running (default is not started). Affected versions: PCP 4.3.4 and newer. Evid...

8.8CVSS8.5AI score0.01002EPSS
Exploits0References10
Debian CVE
Debian CVE
added 2024/03/28 6:32 p.m.25 views

CVE-2024-3019

A flaw was found in PCP. The default pmproxy configuration exposes the Redis server backend to the local network, allowing remote command execution with the privileges of the Redis user. This issue can only be exploited when pmproxy is running. By default, pmproxy is not running and needs to be...

8.8CVSS7.4AI score0.01002EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2023/11/07 2:38 p.m.47 views

CVE-2023-47004

An out-of-bounds write flaw was found in RedisGraph, a module for the Redis server, due to improper code logic after a valid authentication. This issue may lead to arbitrary code execution...

7.5CVSS7.2AI score0.01043EPSS
Exploits1References4
Veracode
Veracode
added 2023/10/20 5:33 a.m.28 views

Race Condition

libredis.so is vulnerable to Race Condition. The vulnerability allows an attacker to gain unauthorized access to a Redis server by exploiting a race condition that occurs when the server is starting up. The attacker could exploit this vulnerability by sending a specially crafted request to a...

3.6CVSS6.9AI score0.00444EPSS
Exploits0References8Affected Software2
OSV
OSV
added 2023/10/16 8:15 p.m.3 views

CVE-2023-43119

An Access Control issue discovered in Extreme Networks Switch Engine EXOS before 32.5.1.5, also fixed in 22.7, 31.7.2 allows attackers to gain escalated privileges using crafted telnet commands via Redis server...

9.8CVSS5.8AI score0.0061EPSS
Exploits0References1
NVD
NVD
added 2023/10/16 8:15 p.m.15 views

CVE-2023-43119

An Access Control issue discovered in Extreme Networks Switch Engine EXOS before 32.5.1.5, also fixed in 22.7, 31.7.2 allows attackers to gain escalated privileges using crafted telnet commands via Redis server...

9.8CVSS9.7AI score0.0061EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2023/10/16 8:15 p.m.3 views

CVE-2023-43119

An Access Control issue discovered in Extreme Networks Switch Engine EXOS before 32.5.1.5, also fixed in 22.7, 31.7.2 allows attackers to gain escalated privileges using crafted telnet commands via Redis server...

9.8CVSS7.3AI score0.0061EPSS
Exploits0References2
Prion
Prion
added 2023/10/16 8:15 p.m.15 views

Design/Logic Flaw

An Access Control issue discovered in Extreme Networks Switch Engine EXOS before 32.5.1.5, also fixed in 22.7, 31.7.2 allows attackers to gain escalated privileges using crafted telnet commands via Redis server...

7.5CVSS9.5AI score0.0061EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2023/10/16 12:0 a.m.5 views

Extreme Networks Switch Engine Security Vulnerability

Extreme Networks Switch Engine EXOS is a switch engine from Extreme Networks. A security vulnerability exists in Extreme Networks Switch Engine versions prior to 32.5.1.5, which stems from an Access Control Error vulnerability. An attacker could exploit the vulnerability to gain escalation...

9.8CVSS7AI score0.0061EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/10/16 12:0 a.m.23 views

CVE-2023-43119

An Access Control issue discovered in Extreme Networks Switch Engine EXOS before 32.5.1.5, also fixed in 22.7, 31.7.2 allows attackers to gain escalated privileges using crafted telnet commands via Redis server...

9.9AI score0.0061EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/10/16 12:0 a.m.15 views

CVE-2023-43119

An Access Control issue discovered in Extreme Networks Switch Engine EXOS before 32.5.1.5, also fixed in 22.7, 31.7.2 allows attackers to gain escalated privileges using crafted telnet commands via Redis server...

7.4AI score0.0061EPSS
Exploits0References1
CVE
CVE
added 2023/10/16 12:0 a.m.46 views

CVE-2023-43119

CVE-2023-43119 concerns Extreme Networks Switch Engine (EXOS) prior to 32.5.1.5, where an Access Control issue permits attackers to escalate privileges through crafted telnet commands via the Redis server. The vulnerability has been fixed in EXOS versions 22.7, 31.7.2, and 32.5.1.5 or later. Affe...

9.8CVSS9.5AI score0.0061EPSS
Exploits0References1Affected Software1
Microsoft CVE
Microsoft CVE
added 2023/04/25 7:0 a.m.4 views

`HINCRBYFLOAT` can be used to crash a redis-server process

...

6.5CVSS5.7AI score0.00963EPSS
Exploits0
Veracode
Veracode
added 2023/03/12 1:17 p.m.30 views

Denial Of Service (DoS)

redis is vulnerable to Denial of Service DoS attacks. Authenticated users can trigger an integer overflow, resulting in runtime assertion and termination of the Redis server process using specially crafted commands such as SRANDMEMBER, ZRANDMEMBER, and HRANDFIELD...

6.5CVSS6.3AI score0.00902EPSS
Exploits0References6Affected Software1
SUSE CVE
SUSE CVE
added 2023/02/15 4:26 a.m.3 views

SUSE CVE-2018-12453

Type confusion in the xgroupCommand function in tstream.c in redis-server in Redis before 5.0 allows remote attackers to cause denial-of-service via an XGROUP command in which the key is not a stream...

7.5CVSS7.7AI score0.24182EPSS
Exploits5References3
RedHat Linux
RedHat Linux
added 2022/11/15 10:21 a.m.4 views

redis: Malformed Lua script can crash Redis

A flaw was found in the Redis database when a malformed Lua script can cause a NULL pointer dereference. This flaw allows an attacker to load a crafting script, which results in a crash of the redis-server process...

5.5CVSS7.1AI score0.01498EPSS
Exploits1References5
Rows per page
Query Builder