Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
redis redis vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2023-25155
Redis is an in-memory database that persists on disk. Authenticated users issuing specially crafted `SRANDMEMBER`, `ZRANDMEMBER`, and `HRANDFIELD` commands can trigger an integer overflow, resulting in a runtime assertion and termination of the Redis server process. This problem ...
Redis Redis
7.5
CVSSv3
CVE-2022-33105
Redis v7.0 exists to contain a memory leak via the component streamGetEdgeID.
Redis Redis 7.0
3.7
CVSSv3
CVE-2023-28858
redis-py prior to 4.5.3 leaves a connection open after canceling an async Redis command at an inopportune time, and can send response data to the client of an unrelated request in an off-by-one manner. NOTE: this CVE Record was initially created in response to reports about ChatG...
Redis Redis-py
6.5
CVSSv3
CVE-2023-28859
redis-py prior to 4.4.4 and 4.5.x prior to 4.5.4 leaves a connection open after canceling an async Redis command at an inopportune time, and can send response data to the client of an unrelated request. (This could, for example, happen for a non-pipeline operation.) NOTE: the sol...
Redis Redis-py
7.5
CVSSv3
CVE-2023-31655
redis v7.0.10 exists to contain a segmentation violation. This vulnerability allows malicious users to cause a Denial of Service (DoS) via unspecified vectors.
Redis Redis 7.0.10
9.8
CVSSv3
CVE-2017-1000248
Redis-store <=v1.3.0 allows unsafe objects to be loaded from redis
Redis-store Redis-store
3.6
CVSSv3
CVE-2023-45145
Redis is an in-memory database that persists on disk. On startup, Redis begins listening on a Unix socket before adjusting its permissions to the user-provided configuration. If a permissive umask(2) is used, this creates a race condition that enables, during a short period of ti...
Redis Redis
Redis Redis 2.6.0
Fedoraproject Fedora 37
Fedoraproject Fedora 38
Fedoraproject Fedora 39
Debian Debian Linux 10.0
9.8
CVSSv3
CVE-2022-35951
Redis is an in-memory database that persists on disk. Versions 7.0.0 and above, before 7.0.5 are vulnerable to an Integer Overflow. Executing an `XAUTOCLAIM` command on a stream key in a specific state, with a specially crafted `COUNT` argument may cause an integer overflow, a su...
Redis Redis
Fedoraproject Fedora 37
5.3
CVSSv3
CVE-2021-3470
A heap overflow issue was found in Redis in versions prior to 5.0.10, prior to 6.0.9 and prior to 6.2.0 when using a heap allocator other than jemalloc or glibc's malloc, leading to potential out of bound write or process crash. Effectively this flaw does not affect the vast...
Redislabs Redis
Redislabs Redis 6.2.0
5.4
CVSSv3
CVE-2021-41172
AS_Redis is an AntSword plugin for Redis. The Redis Manage plugin for AntSword prior to version 0.5 is vulnerable to Self-XSS due to due to insufficient input validation and sanitization via redis server configuration. Self-XSS in the plugin configuration leads to code execution....
Antsword Redis Project Antsword Redis
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32976
CVE-2024-33557
CVE-2024-36801
CVE-2024-35654
authentication bypass
CVE-2024-24919
CSRF
code execution
CVE-2024-27348
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »