Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
redis redis - vulnerabilities and exploits
(subscribe to this query)
9.1
CVSSv3
CVE-2020-4670
IBM Planning Analytics Local 2.0 connects to a Redis server. The Redis server, an in-memory data structure store, running on the remote host is not protected by password authentication. A remote attacker can exploit this to gain unauthorized access to the server. IBM X-Force ID: ...
Ibm Planning Analytics Local 2.0.0
Ibm Planning Analytics Cloud 2.0.0
9.1
CVSSv3
CVE-2020-3158
A vulnerability in the High Availability (HA) service of Cisco Smart Software Manager On-Prem could allow an unauthenticated, remote malicious user to access a sensitive part of the system with a high-privileged account. The vulnerability is due to a system account that has a def...
Cisco Smart Software Manager On-prem
1 Article
9.1
CVSSv3
CVE-2019-9948
urllib in Python 2.x up to and including 2.7.16 supports the local_file: scheme, which makes it easier for remote malicious users to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call.
Python Python
Opensuse Leap 42.3
Opensuse Leap 15.0
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Fedoraproject Fedora 29
Fedoraproject Fedora 30
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 12.04
Redhat Enterprise Linux Desktop 7.0
Redhat Enterprise Linux Workstation 7.0
Redhat Enterprise Linux Server 7.0
Redhat Enterprise Linux Desktop 8.0
Redhat Enterprise Linux Workstation 8.0
Redhat Enterprise Linux Server 8.0
Redhat Enterprise Linux Eus 8.1
Redhat Enterprise Linux Eus 8.2
Redhat Enterprise Linux Tus 8.2
Redhat Enterprise Linux Tus 8.4
8.8
CVSSv3
CVE-2023-47004
Buffer Overflow vulnerability in Redis RedisGraph v.2.x through v.2.12.8 and fixed in v.2.12.9 allows an malicious user to execute arbitrary code via the code logic after valid authentication.
Redislabs Redisgraph
8.8
CVSSv3
CVE-2023-42809
Redisson is a Java Redis client that uses the Netty framework. Prior to version 3.22.0, some of the messages received from the Redis server contain Java objects that the client deserializes without further validation. Attackers that manage to trick clients into communicating with...
Redisson Redisson
8.8
CVSSv3
CVE-2022-24834
Redis is an in-memory database that persists on disk. A specially crafted Lua script executing in Redis can trigger a heap overflow in the cjson library, and result with heap corruption and potentially remote code execution. The problem exists in all versions of Redis with Lua sc...
Redis Redis
Fedoraproject Fedora 37
Fedoraproject Fedora 38
1 Github repository
8.8
CVSSv3
CVE-2023-36824
Redis is an in-memory database that persists on disk. In Redit 7.0 before 7.0.12, extracting key names from a command and a list of arguments may, in some cases, trigger a heap overflow and result in reading random heap memory, heap corruption and potentially remote code executio...
Redis Redis
Fedoraproject Fedora 37
Fedoraproject Fedora 38
8.8
CVSSv3
CVE-2022-39267
Bifrost is a heterogeneous middleware that synchronizes MySQL, MariaDB to Redis, MongoDB, ClickHouse, MySQL and other services for production environments. Versions before 1.8.8-release are subject to authentication bypass in the admin and monitor user groups by deleting the X-Re...
Xbifrost Bifrost
8.8
CVSSv3
CVE-2022-31144
Redis is an in-memory database that persists on disk. A specially crafted `XAUTOCLAIM` command on a stream key in a specific state may result with heap overflow, and potentially remote code execution. This problem affects versions on the 7.x branch before 7.0.4. The patch is rele...
Redis Redis
1 Github repository
8.8
CVSSv3
CVE-2021-41230
Pomerium is an open source identity-aware access proxy. In affected versions changes to the OIDC claims of a user after initial login are not reflected in policy evaluation when using `allowed_idp_claims` as part of policy. If using `allowed_idp_claims` and a user's claims a...
Pomerium Pomerium
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »