Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
redis redis - vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2020-15105
Django Two-Factor Authentication prior to 1.12, stores the user's password in clear text in the user session (base64-encoded). The password is stored in the session when the user submits their username and password, and is removed once they complete authentication by enterin...
Django Two-factor Authentication Project Django Two-factor Authentication
5.4
CVSSv3
CVE-2020-5205
In Pow (Hex package) prior to 1.0.16, the use of Plug.Session in Pow.Plug.Session is susceptible to session fixation attacks if a persistent session store is used for Plug.Session, such as Redis or a database. Cookie store, which is used in most Phoenix apps, doesn't have th...
Powauth Pow
5.3
CVSSv3
CVE-2021-3470
A heap overflow issue was found in Redis in versions prior to 5.0.10, prior to 6.0.9 and prior to 6.2.0 when using a heap allocator other than jemalloc or glibc's malloc, leading to potential out of bound write or process crash. Effectively this flaw does not affect the vast...
Redislabs Redis
Redislabs Redis 6.2.0
5.3
CVSSv3
CVE-2020-15698
An issue exists in Joomla! up to and including 3.9.19. Inadequate filtering on the system information screen could expose Redis or proxy credentials
Joomla Joomla\\!
4.7
CVSSv3
CVE-2020-23249
GigaVUE-OS (GVOS) 5.4 - 5.9 stores a Redis database password in plaintext.
Gigamon Gigavue-os
4.4
CVSSv3
CVE-2021-22194
In all versions of GitLab, marshalled session keys were being stored in Redis.
Gitlab Gitlab
4.4
CVSSv3
CVE-2020-13344
An issue has been discovered in GitLab affecting all versions before 13.2.10, 13.3.7 and 13.4.2. Sessions keys are stored in plain-text in Redis which allows attacker with Redis access to authenticate as any user that has a session stored in Redis
Gitlab Gitlab
4.3
CVSSv3
CVE-2023-45148
Nextcloud is an open source home cloud server. When Memcached is used as `memcache.distributed` the rate limiting in Nextcloud Server could be reset unexpectedly resetting the rate count earlier than intended. Users are advised to upgrade to versions 25.0.11, 26.0.6 or 27.1.0. Us...
Nextcloud Nextcloud Server 27.0.0
Nextcloud Nextcloud Server
4.3
CVSSv3
CVE-2021-32672
Redis is an open source, in-memory database that persists on disk. When using the Redis Lua Debugger, users can send malformed requests that cause the debugger’s protocol parser to read data beyond the actual buffer. This issue affects all versions of Redis with Lua debuggi...
Redis Redis
Redhat Enterprise Linux 8.0
Redhat Software Collections -
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Netapp Management Services For Element Software -
Netapp Management Services For Netapp Hci -
Oracle Communications Operations Monitor 4.3
Oracle Communications Operations Monitor 4.4
Oracle Communications Operations Monitor 5.0
3.7
CVSSv3
CVE-2023-28858
redis-py prior to 4.5.3 leaves a connection open after canceling an async Redis command at an inopportune time, and can send response data to the client of an unrelated request in an off-by-one manner. NOTE: this CVE Record was initially created in response to reports about ChatG...
Redis Redis-py
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »