Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
redis redis vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2023-50725
Resque is a Redis-backed Ruby library for creating background jobs, placing them on multiple queues, and processing them later. The following paths in resque-web have been found to be vulnerable to reflected XSS: "/failed/?class=<script>alert(document.cookie)</scrip...
Resque Resque
6.1
CVSSv3
CVE-2023-50724
Resque (pronounced like "rescue") is a Redis-backed library for creating background jobs, placing those jobs on multiple queues, and processing them later. resque-web in resque versions prior to 2.1.0 are vulnerable to reflected XSS through the current_queue parameter i...
Resque Resque
7.5
CVSSv3
CVE-2023-47120
Discourse is an open source platform for community discussion. In versions 3.1.0 up to and including 3.1.2 of the `stable` branch and versions 3.1.0,beta6 up to and including 3.2.0.beta2 of the `beta` and `tests-passed` branches, Redis memory can be depleted by crafting a site wi...
Discourse Discourse 3.1.0
Discourse Discourse 3.2.0
Discourse Discourse
8.8
CVSSv3
CVE-2023-47004
Buffer Overflow vulnerability in Redis RedisGraph v.2.x through v.2.12.8 and fixed in v.2.12.9 allows an malicious user to execute arbitrary code via the code logic after valid authentication.
Redislabs Redisgraph
3.6
CVSSv3
CVE-2023-45145
Redis is an in-memory database that persists on disk. On startup, Redis begins listening on a Unix socket before adjusting its permissions to the user-provided configuration. If a permissive umask(2) is used, this creates a race condition that enables, during a short period of ti...
Redis Redis
Redis Redis 2.6.0
Fedoraproject Fedora 37
Fedoraproject Fedora 38
Fedoraproject Fedora 39
Debian Debian Linux 10.0
9.8
CVSSv3
CVE-2023-43119
An Access Control issue discovered in Extreme Networks Switch Engine (EXOS) prior to 32.5.1.5, also fixed in 22.7, 31.7.2 allows malicious users to gain escalated privileges using crafted telnet commands via Redis server.
Extremenetworks Exos
4.3
CVSSv3
CVE-2023-45148
Nextcloud is an open source home cloud server. When Memcached is used as `memcache.distributed` the rate limiting in Nextcloud Server could be reset unexpectedly resetting the rate count earlier than intended. Users are advised to upgrade to versions 25.0.11, 26.0.6 or 27.1.0. Us...
Nextcloud Nextcloud Server 27.0.0
Nextcloud Nextcloud Server
8.8
CVSSv3
CVE-2023-42809
Redisson is a Java Redis client that uses the Netty framework. Prior to version 3.22.0, some of the messages received from the Redis server contain Java objects that the client deserializes without further validation. Attackers that manage to trick clients into communicating with...
Redisson Redisson
3.3
CVSSv3
CVE-2023-41053
Redis is an in-memory database that persists on disk. Redis does not correctly identify keys accessed by `SORT_RO` and as a result may grant users executing this command access to keys that are not explicitly authorized by the ACL configuration. The problem exists in Redis 7.0 or...
Redis Redis 7.2.0
Redis Redis
7.5
CVSSv3
CVE-2023-35391
ASP.NET Core SignalR and Visual Studio Information Disclosure Vulnerability
Microsoft .net
Microsoft Visual Studio 2022
Microsoft Asp.net Core
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4644
unprivileged
CVE-2024-3494
CVE-2024-22460
CVE-2024-26026
CVE-2024-23473
firewall
CVE-2024-28889
XML external entity
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »