Download
| Alert*
oval:org.secpod.oval:def:2001569
The clusterLoadConfig function in cluster.c in Redis 4.0.2 allows attackers to cause a denial of service or possibly have unspecified other impact by leveraging "limited access to the machine." oval:org.secpod.oval:def:2001634 networking.c in Redis before 3.2.7 allows "Cross Protocol Scripting" because it lacks a check for POST and Host: strings, which are not valid in the Redis protocol . oval:org.secpod.oval:def:602131 redis-server is installed oval:org.secpod.oval:def:109322 redis is installed oval:org.secpod.oval:def:705073 redis-tools is installed oval:org.secpod.oval:def:705074 redis is installed oval:org.secpod.oval:def:604929 redis is installed oval:org.secpod.oval:def:53355 Multiple vulnerabilities were discovered in the Lua subsystem of Redis, a persistent key-value database, which could result in denial of service. oval:org.secpod.oval:def:1801020 CVE-2018-11218: Memory Corruption was discovered in the cmsgpack library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2 because of stack-based buffer overflows. oval:org.secpod.oval:def:1801016 CVE-2018-11218: Memory Corruption was discovered in the cmsgpack library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2 because of stack-based buffer overflows. oval:org.secpod.oval:def:1801017 redis is installed oval:org.secpod.oval:def:1801018 CVE-2018-11218: Memory Corruption was discovered in the cmsgpack library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2 because of stack-based buffer overflows. oval:org.secpod.oval:def:603434 Multiple vulnerabilities were discovered in the Lua subsystem of Redis, a persistent key-value database, which could result in denial of service. oval:org.secpod.oval:def:507286 Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an in-memory data set. You can persist it either by dumping the data set to disk every once in a while, or ... oval:org.secpod.oval:def:507360 Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an in-memory data set. You can persist it either by dumping the data set to disk every once in a while, or ... oval:org.secpod.oval:def:89047114 This update for redis fixes the following issues: redis was updated to 6.0.13: * CVE-2021-29477: Integer overflow in STRALGO LCS command * CVE-2021-29478: Integer overflow in COPY command for large intsets * Cluster: Skip unnecessary check which may prevent failure detection * Fix performance regr ... oval:org.secpod.oval:def:112009 Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing set i ... oval:org.secpod.oval:def:602574 It was discovered that redis, a persistent key-value database, did not properly protect redis-cli history files: they were created by default with world-readable permissions. Users and systems administrators may want to proactively change permissions on existing ~/rediscli_history files, instead of ... oval:org.secpod.oval:def:112487 Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing set i ... oval:org.secpod.oval:def:114691 Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing set i ... oval:org.secpod.oval:def:114703 Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing set i ... oval:org.secpod.oval:def:605952 Reginaldo Silva discovered a Lua sandbox escape in Redis, a persistent key-value database. oval:org.secpod.oval:def:126148 Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing set i ... oval:org.secpod.oval:def:126144 Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing set i ... oval:org.secpod.oval:def:1506155 [6.2.7-1] - rebase to 6.2.7 #1999873 oval:org.secpod.oval:def:120872 Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing set i ... oval:org.secpod.oval:def:120870 Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing set i ... oval:org.secpod.oval:def:120528 Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing set i ... oval:org.secpod.oval:def:120521 Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing set i ... oval:org.secpod.oval:def:120334 Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing set i ... oval:org.secpod.oval:def:120331 Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing set i ... oval:org.secpod.oval:def:125217 Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing set i ... oval:org.secpod.oval:def:122118 Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing set i ... oval:org.secpod.oval:def:122113 Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing set i ... oval:org.secpod.oval:def:5800055 Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an in-memory data set. You can persist it either by dumping the data set to disk every once in a while, or ... oval:org.secpod.oval:def:89047354 This update for redis fixes the following issues: - CVE-2022-24735: Fixed Lua code injection . - CVE-2022-24736: Fixed Lua NULL pointer dereference . oval:org.secpod.oval:def:1701651 A flaw was found in the Redis database where Lua scripts can be manipulated to overcome ACL rules. This flaw allows an attacker with access to Redis to inject Lua code that executes the potentially higher privileges of another Redis user. A flaw was found in the Redis database when a malformed Lua s ... oval:org.secpod.oval:def:87155 [6.2.7-1] - rebase to 6.2.7 #2083151 oval:org.secpod.oval:def:3300668 SUSE Security Update: Security update for redis oval:org.secpod.oval:def:2600076 Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an in-memory data set. You can persist it either by dumping the data set to disk every once in a while, or ... oval:org.secpod.oval:def:89047743 This update for redis fixes the following issues: - CVE-2022-24735: Fixed Lua code injection . - CVE-2022-24736: Fixed Lua NULL pointer dereference . oval:org.secpod.oval:def:2500858 Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an in-memory data set. You can persist it either by dumping the data set to disk every once in a while, or ... oval:org.secpod.oval:def:1701746 Redis is an open source, in-memory database that persists on disk. An integer overflow bug affecting all versions of Redis can be exploited to corrupt the heap and potentially be used to leak arbitrary contents of the heap or trigger remote code execution. The vulnerability involves changing the def ... oval:org.secpod.oval:def:2500491 Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an in-memory data set. You can persist it either by dumping the data set to disk every once in a while, or ... oval:org.secpod.oval:def:1701716 Redis is an open source, in-memory database that persists on disk. In affected versions specially crafted Lua scripts executing in Redis can cause the heap-based Lua stack to be overflowed, due to incomplete checks for this condition. This can result with heap corruption and potentially remote code ... oval:org.secpod.oval:def:2500397 Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an in-memory data set. You can persist it either by dumping the data set to disk every once in a while, or ... oval:org.secpod.oval:def:89047330 This update for redis fixes the following issues: - CVE-2021-32627: Fixed integer to heap buffer overflows with streams . - CVE-2021-32628: Fixed integer to heap buffer overflows handling ziplist-encoded data types . - CVE-2021-32687: Fixed integer to heap buffer overflow with intsets . - CVE-2021-3 ... oval:org.secpod.oval:def:1701701 Redis is an in-memory database that persists on disk. A vulnerability involving out-of-bounds read and integer overflow to buffer overflow exists starting with version 2.2 and prior to versions 5.0.13, 6.0.15, and 6.2.5. On 32-bit systems, Redis `*BIT*` command are vulnerable to integer overflow tha ... oval:org.secpod.oval:def:89047232 This update for redis fixes the following issues: - Upgrade to 6.0.14 - CVE-2021-32625: An integer overflow bug could be exploited by using the STRALGO LCS command to cause remote remote code execution - Fix crash in UNLINK on a stream key with deleted consumer groups - SINTERSTORE: Add missing key ... oval:org.secpod.oval:def:1701706 Redis is an open source , in-memory data structure store, used as a database, cache, and message broker. An integer overflow bug in Redis version 6.0 or newer could be exploited using the `STRALGO LCS` command to corrupt the heap and potentially result with remote code execution. The problem is fixe ... oval:org.secpod.oval:def:2500281 Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an in-memory data set. You can persist it either by dumping the data set to disk every once in a while, or ... oval:org.secpod.oval:def:73628 Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an in-memory data set. You can persist it either by dumping the data set to disk every once in a while, or ... oval:org.secpod.oval:def:4500043 Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an in-memory data set. You can persist it either by dumping the data set to disk every once in a while, or ... oval:org.secpod.oval:def:1504874 [6.0.9-3] - fix integer overflow via STRALGO LCS command CVE-2021-29477 oval:org.secpod.oval:def:109335 Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing set i ... oval:org.secpod.oval:def:602133 It was discovered that redis, a persistent key-value database, could execute insecure Lua bytecode by way of the EVAL command. This could allow remote attackers to break out of the Lua sandbox and execute arbitrary code. oval:org.secpod.oval:def:109321 Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing set i ... oval:org.secpod.oval:def:503310 Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an in-memory data set. You can persist it either by dumping the data set to disk every once in a while, or ... oval:org.secpod.oval:def:69889 Multiple vulnerabilities were discovered in the HyperLogLog implementation of Redis, a persistent key-value database, which could result in denial of service or potentially the execution of arbitrary code. oval:org.secpod.oval:def:89051062 This update for redis fixes the following issues: * CVE-2023-45145: Fixed a potential permission bypass due to a race condition during UNIX socket creation . oval:org.secpod.oval:def:89049301 This update for redis fixes the following issues: * CVE-2023-28856: Fixed possible DoS when using HINCRBYFLOAT to create an hash field. * CVE-2022-24834: Fixed a heap overflow in the cjson and cmsgpack libraries oval:org.secpod.oval:def:125711 Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing set i ... oval:org.secpod.oval:def:89049133 This update for redis fixes the following issues: * CVE-2022-24834: Fixed heap overflow in the cjson and cmsgpack libraries . oval:org.secpod.oval:def:89051045 This update for redis fixes the following issues: * CVE-2023-45145: Fixed a potential permission bypass due to a race condition during UNIX socket creation . oval:org.secpod.oval:def:125918 Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing set i ... oval:org.secpod.oval:def:125920 Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing set i ... oval:org.secpod.oval:def:1701648 A heap-based buffer overflow flaw was found in Redis. This flaw allows an attacker to trick an authenticated user into executing a specially crafted Lua script in Redis. This attack triggers a heap overflow in the cjson and cmsgpack libraries, resulting in heap corruption and potential remote code e ... oval:org.secpod.oval:def:125363 Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing set i ... oval:org.secpod.oval:def:125366 Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing set i ... oval:org.secpod.oval:def:3301747 Security update for redis oval:org.secpod.oval:def:3301825 Security update for redis oval:org.secpod.oval:def:97877 Multiple security issues were discovered in Redis, a persistent key-value database, which could result in the execution of arbitrary code or ACL bypass. oval:org.secpod.oval:def:1702107 Redis is an in-memory database that persists on disk. Redis incorrectly handles resizing of memory buffers which can result in integer overflow that leads to heap overflow and potential remote code execution. This issue has been patched in version 7.0.15 and 7.2.4. Redis is an in-memory database tha ... oval:org.secpod.oval:def:3300601 SUSE Security Update: Security update for redis oval:org.secpod.oval:def:89048808 This update for redis fixes the following issues: * CVE-2022-36021: Fixed possible integer overflow via specially crafted SRANDMEMBER, ZRANDMEMBER, and HRANDFIELD commands . * CVE-2023-28856: Fixed possible DoS when using HINCRBYFLOAT to create an hash field . * CVE-2023-25155: Fixed integer overflo ... oval:org.secpod.oval:def:89048539 This update for redis fixes the following issues: * CVE-2022-36021: Fixed integer overflow in RANDMEMBER, ZRANDMEMBER, and HRANDFIELD commands . * CVE-2023-25155: Fixed integer Overflow in RAND commands can lead to assertion . oval:org.secpod.oval:def:124895 Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing set i ... oval:org.secpod.oval:def:89048601 This update for redis fixes the following issues: * CVE-2022-36021: Fixed integer overflow in RANDMEMBER, ZRANDMEMBER, and HRANDFIELD commands . * CVE-2023-25155: Fixed integer Overflow in RAND commands can lead to assertion . The following non-security bug was fixed: * Fixed redis-sentinel not star ... oval:org.secpod.oval:def:1701680 Redis is an in-memory database that persists on disk. Authenticated users issuing specially crafted `SETRANGE` and `SORT` commands can trigger an integer overflow, resulting with Redis attempting to allocate impossible amounts of memory and abort with an out-of-memory panic. The problem is fixed in ... oval:org.secpod.oval:def:3300258 SUSE Security Update: Security update for redis |