24 matches found
CVE-2026-33952
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, an unvalidated auth_length field read from the network triggers a WINPR_ASSERT failure in rts_read_auth_verifier_no_checks, causing any FreeRDP client connecting through a malicious RDP Gateway to crash with SIGABR...
PT-2026-22016
Name of the Vulnerable Software and Affected Versions: FreeRDP versions prior to 3.23.0. Description: A missing bounds check in the smartcard_unpack_read_size_align function within libfreerdp/utils/smartcard_pack.c can cause the FreeRDP client to crash when connecting to a malicious RDP server. This...
Linux Distros Unpatched Vulnerability : CVE-2024-33263
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - QuickJS commit 3b45d15 was discovered to contain an Assertion Failure via JS_FreeRuntime(JSRuntime *) at quickjs.c. CVE-2024-33263 Note that Nessus relies on the...
BIT-VALKEY-2023-28425 Specially crafted MSETNX command can lead to denial-of-service
Redis is an in-memory database that persists on disk. Starting in version 7.0.8 and prior to version 7.0.10, authenticated users can use the MSETNX command to trigger a runtime assertion and termination of the Redis server process. The problem is fixed in Redis version 7.0.10...
BIT-KEYDB-2023-28425 Specially crafted MSETNX command can lead to denial-of-service
Redis is an in-memory database that persists on disk. Starting in version 7.0.8 and prior to version 7.0.10, authenticated users can use the MSETNX command to trigger a runtime assertion and termination of the Redis server process. The problem is fixed in Redis version 7.0.10...
CVE-2024-25116 Specially crafted CF.RESERVE command can lead to denial-of-service
RedisBloom adds a set of probabilistic data structures to Redis. Starting in version 2.0.0 and prior to version 2.4.7 and 2.6.10, authenticated users can use the CF.RESERVE command to trigger a runtime assertion and termination of the Redis server process. The problem is fixed in RedisBloom 2.4.7...
BIT-REDIS-2023-25155 Integer Overflow in several Redis commands can lead to denial of service.
Redis is an in-memory database that persists on disk. Authenticated users issuing specially crafted SRANDMEMBER, ZRANDMEMBER, and HRANDFIELD commands can trigger an integer overflow, resulting in a runtime assertion and termination of the Redis server process. This problem affects all Redis...
SUSE SLES15 / openSUSE 15 Security Update : redis (SUSE-SU-2023:2122-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2122-1 advisory. - Redis is an in-memory database that persists on disk. Authenticated users can use string matching commands like SCA...
Amazon Linux 2023 : redis6, redis6-devel (ALAS2023-2023-164)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-164 advisory. Redis is an in-memory database that persists on disk. Starting in version 7.0.8 and prior to version 7.0.10, authenticated users can use the MSETNX command to trigger a runtime assertion and...
Command Injection
redis is vulnerable to Command Injection. The vulnerability allows authenticated users to use the 'MSETNX' command to trigger a runtime assertion and termination within the redis server process...
Fedora 38 : redis (2023-e3e1f9dd4d)
The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-e3e1f9dd4d advisory. Redis 7.0.10 Released Mon Mar 20 16:00:00 IST 2023 Upgrade urgency: SECURITY, contains fixes to security issues. Security Fixes: CVE-2023-28425 Specially...
FreeBSD : redis -- specially crafted MSETNX command can lead to denial-of-service (a60cc0e4-c7aa-11ed-8a4b-080027f5fec9)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the a60cc0e4-c7aa-11ed-8a4b-080027f5fec9 advisory. - Redis is an in-memory database that persists on disk. Starting in version 7.0.8 and prior to version...
DEBIAN-CVE-2023-28425
Redis is an in-memory database that persists on disk. Starting in version 7.0.8 and prior to version 7.0.10, authenticated users can use the MSETNX command to trigger a runtime assertion and termination of the Redis server process. The problem is fixed in Redis version 7.0.10...
CVE-2023-28425
Redis is an in-memory database that persists on disk. Starting in version 7.0.8 and prior to version 7.0.10, authenticated users can use the MSETNX command to trigger a runtime assertion and termination of the Redis server process. The problem is fixed in Redis version 7.0.10...
CVE-2023-28425 Specially crafted MSETNX command can lead to denial-of-service
Redis is an in-memory database that persists on disk. Starting in version 7.0.8 and prior to version 7.0.10, authenticated users can use the MSETNX command to trigger a runtime assertion and termination of the Redis server process. The problem is fixed in Redis version 7.0.10...
redis -- specially crafted MSETNX command can lead to denial-of-service
Yupeng Yang reports: Authenticated users can use the MSETNX command to trigger a runtime assertion and termination of the Redis server process...
MGASA-2023-0086 Updated redis packages fix security vulnerability
Specially crafted SRANDMEMBER, ZRANDMEMBER, and HRANDFIELD commands can trigger an integer overflow, resulting in a runtime assertion and termination of the Redis server process. CVE-2023-25155 String matching commands like SCAN or KEYS with a specially crafted pattern to trigger a...
Fedora 38 : redis (2023-b0768fba7b)
The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-b0768fba7b advisory. Redis 7.0.9 - Released Tue Feb 28 12:00:00 IST 2023 Upgrade urgency: SECURITY, contains fixes to security issues. Security Fixes: CVE-2023-25155...
Fedora 37 : redis (2023-c685251667)
The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-c685251667 advisory. Redis 7.0.9 - Released Tue Feb 28 12:00:00 IST 2023 Upgrade urgency: SECURITY, contains fixes to security issues. Security Fixes: CVE-2023-25155...