15 matches found
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: redis6 (UTSA-2026-006177)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006177 advisory. Redis is an open source, in-memory database that persists on disk. An unauthenticated connection can cause repeated IP protocol errors, leading to client starvation...
Amazon Linux 2023 : redis6, redis6-devel (ALAS2023-2025-1195)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1195 advisory. TOCTOU in linenoiseHistorySave in linenoise allows local attackers to overwrite arbitrary files and change permissions via a symlink race between fopenw on the history path and subsequent chmod on the...
Important: redis6
Issue Overview: Redis is an open source, in-memory database that persists on disk. An authenticated user may use a specially crafted Lua script to manipulate the garbage collector and potentially lead to remote code execution. The problem is fixed in 7.4.2, 7.2.7, and 6.2.17. An additional...
Amazon Linux 2023 : redis6, redis6-devel (ALAS2023-2024-717)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-717 advisory. Denial-of-service due to unbounded pattern matching CVE-2024-31228 Lua library commands may be exploited by an authenticated user to achieve remote-code-execution CVE-2024-31449 Tenable has...
Important: redis6
Issue Overview: Denial-of-service due to unbounded pattern matching CVE-2024-31228 Lua library commands may be exploited by an authenticated user to achieve remote-code-execution CVE-2024-31449 Affected Packages: redis6 Issue Correction: Run dnf update redis6 --releasever 2023.5.20241001 or dnf...
Important: redis6
Issue Overview: Denial-of-service due to unbounded pattern matching CVE-2024-31228 Lua library commands may be exploited by an authenticated user to achieve remote-code-execution CVE-2024-31449 Affected Packages: redis6 Issue Correction: Run dnf update redis6 --releasever 2023.5.20241001 to updat...
Amazon Linux 2023 : redis6, redis6-devel (ALAS2023-2024-528)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-528 advisory. 2024-02-29: CVE-2023-45145 was added to this advisory. Redis is an in-memory database that persists on disk. Redis incorrectly handles resizing of memory buffers which can result in integer...
Amazon Linux 2023 : redis6, redis6-devel (ALAS2023-2024-538)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-538 advisory. Redis is an in-memory database that persists on disk. Redis incorrectly handles resizing of memory buffers which can result in integer overflow that leads to heap overflow and potential remote code...
Amazon Linux 2023 : redis6, redis6-devel (ALAS2023-2024-516)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-516 advisory. Redis is an in-memory database that persists on disk. Redis incorrectly handles resizing of memory buffers which can result in integer overflow that leads to heap overflow and potential remote...
Amazon Linux 2023 : redis6 (ALAS2023-2024-513)
The version of redis6 installed on the remote host is prior to 6.2.14-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-513 advisory. - Redis is an in-memory database that persists on disk. On startup, Redis begins listening on a Unix socket before adjusting its...
Amazon Linux 2023 : redis6, redis6-devel (ALAS2023-2023-291)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-291 advisory. A heap-based buffer overflow flaw was found in Redis. This flaw allows an attacker to trick an authenticated user into executing a specially crafted Lua script in Redis. This attack triggers a heap...
Important: redis6
Issue Overview: A heap-based buffer overflow flaw was found in Redis. This flaw allows an attacker to trick an authenticated user into executing a specially crafted Lua script in Redis. This attack triggers a heap overflow in the cjson and cmsgpack libraries, resulting in heap corruption and...
Amazon Linux 2023 : redis6, redis6-devel (ALAS2023-2023-164)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-164 advisory. Redis is an in-memory database that persists on disk. Starting in version 7.0.8 and prior to version 7.0.10, authenticated users can use the MSETNX command to trigger a runtime assertion and...
Low: redis6
Issue Overview: A flaw was found in the Redis database where Lua scripts can be manipulated to overcome ACL rules. This flaw allows an attacker with access to Redis to inject Lua code that executes the potentially higher privileges of another Redis user. CVE-2022-24735 A flaw was found in the Red...
Amazon Linux 2023 : redis6, redis6-devel (ALAS2023-2023-064)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-064 advisory. A flaw was found in the Redis database where Lua scripts can be manipulated to overcome ACL rules. This flaw allows an attacker with access to Redis to inject Lua code that executes the...