Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
redis redis vulnerabilities and exploits
(subscribe to this query)
9.1
CVSSv3
CVE-2020-4670
IBM Planning Analytics Local 2.0 connects to a Redis server. The Redis server, an in-memory data structure store, running on the remote host is not protected by password authentication. A remote attacker can exploit this to gain unauthorized access to the server. IBM X-Force ID: ...
Ibm Planning Analytics Local 2.0.0
Ibm Planning Analytics Cloud 2.0.0
9.8
CVSSv3
CVE-2021-33026
The Flask-Caching extension up to and including 1.10.1 for Flask relies on Pickle for serialization, which may lead to remote code execution or local privilege escalation. If an attacker gains access to cache storage (e.g., filesystem, Memcached, Redis, etc.), they can construct ...
Flask-caching Project Flask-caching
1 Github repository
8.8
CVSSv3
CVE-2021-29477
Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker. An integer overflow bug in Redis version 6.0 or newer could be exploited using the `STRALGO LCS` command to corrupt the heap and potentially result with remote c...
Redislabs Redis
Fedoraproject Fedora 33
Fedoraproject Fedora 34
8.8
CVSSv3
CVE-2021-29478
Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker. An integer overflow bug in Redis 6.2 prior to 6.2.3 could be exploited to corrupt the heap and potentially result with remote code execution. Redis 6.0 and previ...
Redislabs Redis
Fedoraproject Fedora 33
Fedoraproject Fedora 34
7.5
CVSSv3
CVE-2021-29469
Node-redis is a Node.js Redis client. Before version 3.1.1, when a client is in monitoring mode, the regex begin used to detected monitor messages could cause exponential backtracking on some strings. This issue could lead to a denial of service. The issue is patched in version 3...
Redis.js Redis
5.3
CVSSv3
CVE-2021-3470
A heap overflow issue was found in Redis in versions prior to 5.0.10, prior to 6.0.9 and prior to 6.2.0 when using a heap allocator other than jemalloc or glibc's malloc, leading to potential out of bound write or process crash. Effectively this flaw does not affect the vast...
Redislabs Redis
Redislabs Redis 6.2.0
4.4
CVSSv3
CVE-2021-22194
In all versions of GitLab, marshalled session keys were being stored in Redis.
Gitlab Gitlab
8.8
CVSSv3
CVE-2021-21309
Redis is an open-source, in-memory database that persists on disk. In affected versions of Redis an integer overflow bug in 32-bit Redis version 4.0 or newer could be exploited to corrupt the heap and potentially result with remote code execution. Redis 4.0 or newer uses a config...
Redislabs Redis
4.7
CVSSv3
CVE-2020-23249
GigaVUE-OS (GVOS) 5.4 - 5.9 stores a Redis database password in plaintext.
Gigamon Gigavue-os
4.4
CVSSv3
CVE-2020-13344
An issue has been discovered in GitLab affecting all versions before 13.2.10, 13.3.7 and 13.4.2. Sessions keys are stored in plain-text in Redis which allows attacker with Redis access to authenticate as any user that has a session stored in Redis
Gitlab Gitlab
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33228
CVE-2024-20361
log injection
bypass
CVE-2024-4985
CVE-2024-35223
CVE-2024-29849
CVE-2024-31893
IMAP
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »