Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
redis redis - vulnerabilities and exploits
(subscribe to this query)
10
CVSSv3
CVE-2022-0543
It exists, that redis, a persistent key-value database, due to a packaging issue, is prone to a (Debian-specific) Lua sandbox escape, which could result in remote code execution.
Redis Redis -
1 Metasploit module
10 Github repositories
9.9
CVSSv3
CVE-2022-2992
A vulnerability in GitLab CE/EE affecting all versions from 11.10 before 15.1.6, 15.2 to 15.2.4, 15.3 to 15.3.2 allows an authenticated user to achieve remote code execution via the Import from GitHub API endpoint.
Gitlab Gitlab
1 Metasploit module
5 Github repositories
9.8
CVSSv3
CVE-2023-31654
Redis raft master-1b8bd86 to master-7b46079 exists to contain an ODR violation via the component hiredisAllocFns at /opt/fs/redisraft/deps/hiredis/alloc.c.
Redis Redisraft -
9.8
CVSSv3
CVE-2023-43119
An Access Control issue discovered in Extreme Networks Switch Engine (EXOS) prior to 32.5.1.5, also fixed in 22.7, 31.7.2 allows malicious users to gain escalated privileges using crafted telnet commands via Redis server.
Extremenetworks Exos
9.8
CVSSv3
CVE-2022-41331
A missing authentication for critical function vulnerability [CWE-306] in FortiPresence infrastructure server before version 1.2.1 allows a remote, unauthenticated malicious user to access the Redis and MongoDB instances via crafted authentication requests.
Fortinet Fortiproxy
9.8
CVSSv3
CVE-2022-3734
A vulnerability was found in a port or fork of Redis. It has been declared as critical. This vulnerability affects unknown code in the library C:/Program Files/Redis/dbghelp.dll. The manipulation leads to uncontrolled search path. The attack can be initiated remotely. The exploit...
Redis Redis -
9.8
CVSSv3
CVE-2022-35951
Redis is an in-memory database that persists on disk. Versions 7.0.0 and above, before 7.0.5 are vulnerable to an Integer Overflow. Executing an `XAUTOCLAIM` command on a stream key in a specific state, with a specially crafted `COUNT` argument may cause an integer overflow, a su...
Redis Redis
Fedoraproject Fedora 37
9.8
CVSSv3
CVE-2022-36045
NodeBB Forum Software is powered by Node.js and supports either Redis, MongoDB, or a PostgreSQL database. It utilizes web sockets for instant interactions and real-time notifications. `utils.generateUUID`, a helper function available in essentially all versions of NodeBB (as far ...
Nodebb Nodebb
Nodebb Nodebb 2.0.0
1 Github repository
9.8
CVSSv3
CVE-2022-26134
In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated malicious user to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are from 1.3.0 prior to 7.4.17, fro...
Atlassian Confluence Data Center 7.18.0
Atlassian Confluence Data Center
Atlassian Confluence Server 7.18.0
Atlassian Confluence Server
100 Github repositories
3 Articles
9.8
CVSSv3
CVE-2021-31649
In applications using jfinal 4.9.08 and below, there is a deserialization vulnerability when using redis,may be vulnerable to remote code execute
Jfinal Jfinal
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
IMAP
CVE-2024-36103
CVE-2024-28995
CVE-2024-37325
CVE-2024-30078
CVE-2024-30082
SQL injection
CVE-2024-30052
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »