Vulmon
redis redis vulnerabilities and exploits
312
VMScore
CVE-2021-41172
AS_Redis is an AntSword plugin for Redis. The Redis Manage plugin for AntSword prior to version 0.5 is vulnerable to Self-XSS due to insufficient input validation and sanitization via redis server configuration. Self-XSS in the plugin configuration leads to code execution....
Antsword Redis Project Antsword Redis
668
VMScore
CVE-2019-17206
Uncontrolled deserialization of a pickled object in models.py in Frost Ming rediswrapper (aka Redis Wrapper) prior to 0.3.0 allows malicious users to execute arbitrary scripts.
Redis Wrapper Project Redis Wrapper
828
VMScore
CVE-2016-10672
cloudpub-redis is a module for CloudPub: Redis Backend. cloudpub-redis downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker-controlled copy...
Cloudpub-redis Project Cloudpub-redis 2.4.5
383
VMScore
CVE-2021-43697
Workerman-ThinkPHP-Redis (last update Mar 16, 2018) is affected by a Cross Site Scripting (XSS) vulnerability. In file Controller.class.php, the exit function will terminate the script and print the message to the user. The message will contain $_GET{C('VAR_JSONP_HANDLER...
Workerman-thinkphp-redis Project Workerman-thinkphp-redis
890
VMScore
CVE-2015-4335
Redis prior to 2.8.21 and 3.x prior to 3.0.2 allows remote malicious users to execute arbitrary Lua bytecode via the eval command.
Redislabs Redis 3.0.0
Redislabs Redis 3.0.1
Redislabs Redis
Debian Debian Linux 8.0
Debian Debian Linux 9.0
NA
CVE-2023-36824
Redis is an in-memory database that persists on disk. In Redis 7.0 before 7.0.12, extracting key names from a command and a list of arguments may, in some cases, trigger a heap overflow and result in reading random heap memory, heap corruption and potentially remote code executio...
Redis Redis
Fedoraproject Fedora 37
Fedoraproject Fedora 38
NA
CVE-2023-41056
Redis is an in-memory database that persists on disk. Redis incorrectly handles resizing of memory buffers which can result in integer overflow that leads to heap overflow and potential remote code execution. This issue has been patched in version 7.0.15 and 7.2.4.
Redis Redis
Fedoraproject Fedora 38
Fedoraproject Fedora 39
NA
CVE-2022-24834
Redis is an in-memory database that persists on disk. A specially crafted Lua script executing in Redis can trigger a heap overflow in the cjson library, and result in heap corruption and potentially remote code execution. The problem exists in all versions of Redis with Lua sc...
Redis Redis
Fedoraproject Fedora 37
Fedoraproject Fedora 38
1 Github repository
NA
CVE-2023-31654
Redis raft master-1b8bd86 to master-7b46079 contains an ODR violation via the component hiredisAllocFns at /opt/fs/redisraft/deps/hiredis/alloc.c.
Redis Redisraft -
505
VMScore
CVE-2018-12453
Type confusion in the xgroupCommand function in t_stream.c in redis-server in Redis prior to 5.0 allows remote malicious users to cause a denial of service via an XGROUP command in which the key is not a stream.
Redislabs Redis
1 EDB exploit