114 matches found
GHSA-4HX3-M8W5-G5QH yii2-redis Potential Remote code execution
Potential remote code execution in LUA context of the redis server via methods yii\redis\ActiveRecord::findOne and yii\redis\ActiveRecord::findAll in yiisoft/yii2-redis. Attackers could probably manipulate data on the redis server...
Denial Of Service (DoS)
Redis is vulnerable to denial of service. An attacker who loads a specially crafted Lua script can cause a NULL pointer dereference, which results in a crash of the redis-server process...
DEBIAN-CVE-2022-24736
Redis is an in-memory database that persists on disk. Prior to versions 6.2.7 and 7.0.0, an attacker attempting to load a specially crafted Lua script can cause a NULL pointer dereference, which will result in a crash of the redis-server process. The problem is fixed in Redis versions 7.0.0 and...
CVE-2022-24736
Redis is an in-memory database that persists on disk. Prior to versions 6.2.7 and 7.0.0, an attacker attempting to load a specially crafted Lua script can cause a NULL pointer dereference, which will result in a crash of the redis-server process. The problem is fixed in Redis versions 7.0.0 and...
Redis Labs Redis Code Issue Vulnerability
Redis Labs Redis is an open-source key-value storage database from Redis Labs, Inc. (United States), written in ANSI C, with network support, that can run in memory or with log-based persistence, and provides APIs for a variety of languages. A security vulnerability...
The vulnerability of the redis-server component of the Redis database management system allows an attacker to cause a service failure.
The vulnerability of the redis-server component of the Redis database management system is related to the execution of operations outside the buffer in memory. Exploiting this vulnerability allows a malicious actor to cause service interruptions...
Redis Labs Redis Cross-Site Scripting Vulnerability
Redis Labs Redis is an open source, ANSI C, network-enabled, memory-based, persistent logging, key-value storage database from Redis Labs, Inc. that provides APIs in multiple languages. A cross-site scripting vulnerability exists in ASRedis versions prior to 0.5, which can be exploited ...
Server-Side Request Forgery (SSRF) in appwrite/appwrite
Description: An authenticated SSRF vulnerability exists in appwrite's webhooks / tasks feature. The gopher:// protocol can be used to cause code execution on the Redis server that comes along with appwrite. The attacker must know the IP address of the redis-server which can be done by creating...
UBUNTU-CVE-2020-21468
DISPUTED: A segmentation fault in the redis-server component of Redis 5.0.7 leads to a denial of service (DoS). NOTE: the vendor cannot reproduce this issue in a released version, such as 5.0.7...
CVE-2020-4670
IBM Planning Analytics Local 2.0 connects to a Redis server. The Redis server, an in-memory data structure store, running on the remote host is not protected by password authentication. A remote attacker can exploit this to gain unauthorized access to the server. IBM X-Force ID: 186401...
Security Bulletin: IBM Planning Analytics Workspace is affected by security vulnerabilities
Summary: The Planning Analytics Workspace component of IBM Planning Analytics is affected by vulnerabilities. These have been addressed in IBM Planning Analytics Local v2.0 - Planning Analytics Workspace and all IBM Planning Analytics Cloud Data Centers have been updated. Vulnerability Details...
IBM Planning Analytics Authorization Issue Vulnerability
IBM Planning Analytics is a suite of business planning and analytics solutions from IBM USA. The solution supports automated execution of processes such as business planning, budgeting and analysis. IBM Planning Analytics suffers from an authorization issue vulnerability that stems from the fact...
Virtuozzo Hybrid Infrastructure 4.5 (4.5.0-284)
In this release, Virtuozzo Hybrid Infrastructure provides a wide range of new features that enhance the end-user experience and service providers' interoperability. The improvements cover compute services, networking, storage core, monitoring, and the administrative user interface. Additionally,...
Gopherus
This is a Python script for generating gopher links to exploit Server-Side Request Forgery (SSRF) vulnerabilities in various servers. The script is designed to be used with the Metasploit framework. The script defines several classes for different types of servers, including MySQL, FastCGI,...
GHSA-J3CR-J9JX-MF4P Downloads Resources over HTTP in redis-srvr
Affected versions of redis-srvr insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the...
CVE-2018-0181 Cisco Policy Suite for Mobile and Cisco Policy Suite Diameter Routing Agent Software Redis Server Unauthenticated Access Vulnerability
A vulnerability in the Redis implementation used by the Cisco Policy Suite for Mobile and Cisco Policy Suite Diameter Routing Agent software could allow an unauthenticated, remote attacker to modify key-value pairs for short-lived events stored by the Redis server. The vulnerability is due to...
Cisco Policy Suite for Mobile and Cisco Policy Suite Diameter Routing Agent Software Redis Server Unauthenticated Access Vulnerability
A vulnerability in the Redis implementation used by the Cisco Policy Suite for Mobile and Cisco Policy Suite Diameter Routing Agent software could allow an unauthenticated, remote attacker to modify key-value pairs for short-lived events stored by the Redis server. The vulnerability is due to...
GitLab: CRLF injection & SSRF in git:// protocol lead to arbitrary code execution
Summary: The implementation of git:// protocol in GitLab is vulnerable to CRLF injection and Server-Side Request Forgery. If the redis server is configured to listen on TCP socket, e.g. port 6379, an attacker can abuse SSRF to manipulate redis server, injecting malicious payload into systemhookpush...