Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
redis redis - vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2021-33026
The Flask-Caching extension up to and including 1.10.1 for Flask relies on Pickle for serialization, which may lead to remote code execution or local privilege escalation. If an attacker gains access to cache storage (e.g., filesystem, Memcached, Redis, etc.), they can construct ...
Flask-caching Project Flask-caching
1 Github repository
9.8
CVSSv3
CVE-2020-11981
An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it is possible to inject commands, resulting in the celery worker running arbitrary commands.
Apache Airflow
1 Github repository
9.8
CVSSv3
CVE-2020-11982
An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attack can connect to the broker (Redis, RabbitMQ) directly, it was possible to insert a malicious payload directly to the broker which could lead to a deserialization attack (and th...
Apache Airflow
9.8
CVSSv3
CVE-2019-17206
Uncontrolled deserialization of a pickled object in models.py in Frost Ming rediswrapper (aka Redis Wrapper) prior to 0.3.0 allows malicious users to execute arbitrary scripts.
Redis Wrapper Project Redis Wrapper
9.8
CVSSv3
CVE-2019-10160
A security regression of CVE-2019-9636 exists in python since commit d537ab0ff9767ef024f26246899728f0116b1ec3 affecting versions 2.7, 3.5, 3.6, 3.7 and from v3.8.0a4 through v3.8.0b1, which still allows an malicious user to exploit CVE-2019-9636 by abusing the user and password p...
Python Python
Python Python 3.8.0
Redhat Enterprise Linux Desktop 7.0
Redhat Enterprise Linux Workstation 7.0
Redhat Enterprise Linux Server 7.0
Redhat Enterprise Linux Server Tus 7.6
Redhat Enterprise Linux Server Aus 7.6
Redhat Enterprise Linux Eus 7.6
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Opensuse Leap 15.0
Opensuse Leap 15.1
Fedoraproject Fedora 29
Fedoraproject Fedora 30
Fedoraproject Fedora 31
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 12.04
Redhat Virtualization 4.0
Netapp Cloud Backup -
9.8
CVSSv3
CVE-2019-9636
Python 2.7.x up to and including 2.7.16 and 3.x up to and including 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given ...
Python Python
Fedoraproject Fedora 28
Fedoraproject Fedora 29
Fedoraproject Fedora 30
Fedoraproject Fedora 31
Opensuse Leap 42.3
Opensuse Leap 15.0
Opensuse Leap 15.1
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 12.04
Redhat Enterprise Linux Desktop 6.0
Redhat Enterprise Linux Server 6.0
Redhat Enterprise Linux Workstation 6.0
Redhat Enterprise Linux Server Aus 7.4
Redhat Enterprise Linux 7.5
Redhat Enterprise Linux Server Tus 7.4
Redhat Enterprise Linux Eus 7.5
1 Article
9.8
CVSSv3
CVE-2018-0181
A vulnerability in the Redis implementation used by the Cisco Policy Suite for Mobile and Cisco Policy Suite Diameter Routing Agent software could allow an unauthenticated, remote malicious user to modify key-value pairs for short-lived events stored by the Redis server. The vuln...
Cisco Cisco Policy Suite For Mobile 13.0.0
Cisco Cisco Policy Suite Diameter Routing Agent -
9.8
CVSSv3
CVE-2018-8073
Yii 2.x prior to 2.0.15 allows remote malicious users to execute arbitrary LUA code via a variant of the CVE-2018-7269 attack in conjunction with the Redis extension.
Yiiframework Yii
9.8
CVSSv3
CVE-2017-1000248
Redis-store <=v1.3.0 allows unsafe objects to be loaded from redis
Redis-store Redis-store
9.8
CVSSv3
CVE-2017-15047
The clusterLoadConfig function in cluster.c in Redis 4.0.2 allows malicious users to cause a denial of service (out-of-bounds array index and application crash) or possibly have unspecified other impact by leveraging "limited access to the machine."
Redislabs Redis 4.0.2
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4946
CVE-2024-30309
CVE-2024-4761
CVE-2024-30051
type confusion
memory leak
CVE-2024-30293
reflected XSS
CVE-2024-3126
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »