
114 matches found

OSV
added 2022/05/14 3:31 a.m., 11 views

GHSA-4HX3-M8W5-G5QH yii2-redis Potential Remote code execution

Potential remote code execution in LUA context of the redis server via methods yii\redis\ActiveRecord::findOne and yii\redis\ActiveRecord::findAll in yiisoft/yii2-redis. Attackers could probably manipulate data on the redis server...

CVSS 9.8, AI score 9.8, EPSS 0.01588
Exploits: 0, References: 5

Veracode
added 2022/05/05 2:25 a.m., 33 views

Denial Of Service (DoS)

Redis is vulnerable to denial of service. An attacker who loads a specially crafted Lua script can cause a NULL pointer dereference, which will result in a crash of the redis-server process...

CVSS 5.5, AI score 2.6, EPSS 0.01498
Exploits: 1, References: 16, Affected Software: 1

OSV
added 2022/04/27 8:15 p.m., 5 views

DEBIAN-CVE-2022-24736

Redis is an in-memory database that persists on disk. Prior to versions 6.2.7 and 7.0.0, an attacker attempting to load a specially crafted Lua script can cause a NULL pointer dereference, which will result in a crash of the redis-server process. The problem is fixed in Redis versions 7.0.0 and...

CVSS 5.5, AI score 6.2, EPSS 0.01498
Exploits: 1, References: 1

AlpineLinux
added 2022/04/27 7:55 p.m., 46 views

CVE-2022-24736

Redis is an in-memory database that persists on disk. Prior to versions 6.2.7 and 7.0.0, an attacker attempting to load a specially crafted Lua script can cause a NULL pointer dereference, which will result in a crash of the redis-server process. The problem is fixed in Redis versions 7.0.0 and...

CVSS 5.5, AI score 5.7, EPSS 0.01498
Exploits: 1

CNNVD
added 2022/04/27 12:0 a.m., 4 views

Redis Labs Redis Code Issue Vulnerability

Redis Labs Redis is an open-source key-value storage database from Redis Labs, Inc. (United States), written in ANSI C, with network support, that can run in memory or with log-type persistence, and provides APIs for a variety of languages. A security vulnerability...

CVSS 5.5, AI score 7.4, EPSS 0.01498
Exploits: 1, References: 16

BDU FSTEC
added 2022/04/05 12:0 a.m., 8 views

The vulnerability of the redis-server component of the Redis database management system allows an attacker to cause a service failure.

The vulnerability of the redis-server component of the Redis database management system is related to the execution of operations outside the buffer in memory. Exploiting this vulnerability allows a malicious actor to cause service interruptions...

CVSS 7.8, AI score 7.5, EPSS 0.01211
Exploits: 0, References: 6, Affected Software: 2

CNNVD
added 2021/10/26 12:0 a.m., 5 views

Redis Labs Redis Cross-Site Scripting Vulnerability

Redis Labs Redis is an open source, ANSI C, network-enabled, memory-based, persistent logging, key-value Key-Value storage database from Redis Labs, Inc. that provides APIs in multiple languages. A cross-site scripting vulnerability exists in ASRedis versions prior to 0.5, which can be exploited ...

CVSS 6.4, AI score 5.6, EPSS 0.00989
Exploits: 1, References: 3

Huntr
added 2021/10/03 7:20 a.m., 25 views

Server-Side Request Forgery (SSRF) in appwrite/appwrite

Description: An authenticated SSRF vulnerability exists in appwrite's webhooks / tasks feature. The gopher:// protocol can be used to cause code execution on the Redis server that comes along with appwrite. The attacker must know the IP address of the redis-server, which can be done by creating...

AI score 2.2
Exploits: 0

OSV
added 2021/09/20 4:15 p.m., 3 views

UBUNTU-CVE-2020-21468

DISPUTED: A segmentation fault in the redis-server component of Redis 5.0.7 leads to a denial of service (DoS). NOTE: the vendor cannot reproduce this issue in a released version, such as 5.0.7...

CVSS 7.5, AI score 5.8, EPSS 0.01211
Exploits: 0, References: 5

NVD
added 2021/05/17 5:15 p.m., 14 views

CVE-2020-4670

IBM Planning Analytics Local 2.0 connects to a Redis server. The Redis server, an in-memory data structure store, running on the remote host is not protected by password authentication. A remote attacker can exploit this to gain unauthorized access to the server. IBM X-Force ID: 186401...

CVSS 9.1, EPSS 0.02508
Exploits: 0, References: 2

OSV
added 2021/05/17 5:15 p.m., 4 views

CVE-2020-4670

IBM Planning Analytics Local 2.0 connects to a Redis server. The Redis server, an in-memory data structure store, running on the remote host is not protected by password authentication. A remote attacker can exploit this to gain unauthorized access to the server. IBM X-Force ID: 186401...

CVSS 9.1, AI score 7.4, EPSS 0.02508
Exploits: 0, References: 2

Cvelist
added 2021/05/17 5:10 p.m., 17 views

CVE-2020-4670

IBM Planning Analytics Local 2.0 connects to a Redis server. The Redis server, an in-memory data structure store, running on the remote host is not protected by password authentication. A remote attacker can exploit this to gain unauthorized access to the server. IBM X-Force ID: 186401...

CVSS 7.4, AI score 9, EPSS 0.02508
Exploits: 0, References: 2

IBM Security Bulletins
added 2021/05/14 7:56 p.m., 18 views

Security Bulletin: IBM Planning Analytics Workspace is affected by security vulnerabilities

Summary: The Planning Analytics Workspace component of IBM Planning Analytics is affected by vulnerabilities. These have been addressed in IBM Planning Analytics Local v2.0 - Planning Analytics Workspace and all IBM Planning Analytics Cloud Data Centers have been updated. Vulnerability Details...

CVSS 9.1, AI score 1, EPSS 0.02508
Exploits: 0, Affected Software: 1

CNNVD
added 2021/05/14 12:0 a.m., 4 views

IBM Planning Analytics Authorization Issue Vulnerability

IBM Planning Analytics is a suite of business planning and analytics solutions from IBM USA. The solution supports automated execution of processes such as business planning, budgeting and analysis. IBM Planning Analytics suffers from an authorization issue vulnerability that stems from the fact...

CVSS 9.1, AI score 8.1, EPSS 0.02508
Exploits: 0, References: 5

Virtuozzo
added 2021/02/15 12:0 a.m., 43 views

Virtuozzo Hybrid Infrastructure 4.5 (4.5.0-284)

In this release, Virtuozzo Hybrid Infrastructure provides a wide range of new features that enhance the end-user experience and service providers' interoperability. The improvements cover compute services, networking, storage core, monitoring, and the administrative user interface. Additionally,...

AI score 0.7
Exploits: 0

Gitee
added 2020/06/26 11:0 a.m., 3 views

Gopherus

This is a Python script for generating gopher links to exploit Server-Side Request Forgery (SSRF) vulnerabilities in various servers. The script is designed to be used with the Metasploit framework. The script defines several classes for different types of servers, including MySQL, FastCGI,...

AI score 7.4
Exploits: 0

OSV
added 2019/02/18 11:47 p.m., 11 views

GHSA-J3CR-J9JX-MF4P Downloads Resources over HTTP in redis-srvr

Affected versions of redis-srvr insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the...

CVSS 9.3, AI score 8.1, EPSS 0.01752
Exploits: 0, References: 3

Cvelist
added 2019/01/10 12:0 a.m., 18 views

CVE-2018-0181 Cisco Policy Suite for Mobile and Cisco Policy Suite Diameter Routing Agent Software Redis Server Unauthenticated Access Vulnerability

A vulnerability in the Redis implementation used by the Cisco Policy Suite for Mobile and Cisco Policy Suite Diameter Routing Agent software could allow an unauthenticated, remote attacker to modify key-value pairs for short-lived events stored by the Redis server. The vulnerability is due to...

CVSS 7.3, AI score 9.6, EPSS 0.02174
Exploits: 0, References: 2

Cisco
added 2019/01/09 4:0 p.m., 114 views

Cisco Policy Suite for Mobile and Cisco Policy Suite Diameter Routing Agent Software Redis Server Unauthenticated Access Vulnerability

A vulnerability in the Redis implementation used by the Cisco Policy Suite for Mobile and Cisco Policy Suite Diameter Routing Agent software could allow an unauthenticated, remote attacker to modify key-value pairs for short-lived events stored by the Redis server. The vulnerability is due to...

CVSS 7.3, AI score 8.6, EPSS 0.02174
Exploits: 0, References: 1

Hacker One
added 2018/11/15 5:33 a.m., 60 views

GitLab: CRLF injection & SSRF in git:// protocol lead to arbitrary code execution

Summary: The implementation of the git:// protocol in GitLab is vulnerable to CRLF injection and Server-Side Request Forgery. If the redis server is configured to listen on a TCP socket, e.g. port 6379, an attacker can abuse SSRF to manipulate the redis server, injecting malicious payload into systemhookpush...

AI score 0.6
Exploits: 0